Testing posketanmu website with google penetration testing and OWASP Top 10
Abstract
Data integrity has become vital in the rapidly evolving digital era, making cybersecurity a critical concern. Strong security is essential for systems such as the Posketanmu website in Mojokerto Regency, which is responsible for safeguarding sensitive personal information. The objective of this research is to detect, evaluate, and exploit any security weaknesses present on the Posketanmu website. The methodology combines the Google Penetration Testing strategy with the current OWASP Top 10 2021 criteria. The penetration testing procedure comprises five steps. First, data is collected and the platform is profiled using tools such as Nmap, Nslookup, Wappalyzer, Whatweb, Whois, and Google Hacking. Second, ZAP is used for vulnerability scanning, producing detailed reports. Third, a vulnerability assessment is performed, consisting of manual testing and classification according to OWASP standards. Fourth, all eleven identified vulnerabilities are exploited. Finally, in line with the OWASP Top 10 2021 standards, the findings are documented, reported, and accompanied by suggested remediations. This investigation found and resolved four significant security vulnerabilities on the Posketanmu website: stored XSS, an unset CSP header, an unset Strict-Transport-Security header, and an open redirect. Applying Google Penetration Testing together with the OWASP Top 10 2021 criteria has greatly improved the security of the Posketanmu website, protecting the data of Mojokerto Regency citizens.
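As an added illustration (not code from the paper or the Posketanmu project), the following Python snippet shows defender-side checks for the four findings the abstract lists: it flags responses that lack the CSP and Strict-Transport-Security headers, validates a redirect parameter against an allow-list so it cannot become an open redirect, and output-encodes stored user content before rendering it. The hostname `posketanmu.example` and the sample headers are constructed placeholders.

```python
"""Checks for the four findings named in the abstract (constructed example)."""
from html import escape
from urllib.parse import urlparse

# Response headers whose absence the assessment reported (OWASP A05:2021).
REQUIRED_HEADERS = {
    "content-security-policy": "missing Content-Security-Policy header",
    "strict-transport-security": "missing Strict-Transport-Security header",
}


def missing_security_headers(headers: dict) -> list:
    """Return a finding string for each required header absent from a response.
    Header names are compared case-insensitively, as HTTP requires."""
    present = {name.lower() for name in headers}
    return [desc for name, desc in REQUIRED_HEADERS.items() if name not in present]


def safe_redirect_target(target: str, allowed_hosts: set, default: str = "/") -> str:
    """Allow-list check for a 'next'/'redirect' parameter (fix for open redirect).
    Accepts a same-origin path or an absolute URL whose host is allowed; anything
    else (protocol-relative '//host', backslash tricks, foreign hosts) falls back."""
    if "\\" in target:                      # '/\host' is treated as '//host' by some browsers
        return default
    parsed = urlparse(target)
    if not parsed.scheme and not parsed.netloc and target.startswith("/") and not target.startswith("//"):
        return target                       # relative path on the same origin
    if parsed.scheme in ("http", "https") and parsed.hostname in allowed_hosts:
        return target
    return default


def render_comment(comment: str) -> str:
    """Render stored user content with HTML output encoding (fix for stored XSS)."""
    return "<p>" + escape(comment, quote=True) + "</p>"


if __name__ == "__main__":
    # Constructed sample response headers, as a scanner such as ZAP would see them.
    sample_headers = {"Content-Type": "text/html", "Server": "nginx"}
    for finding in missing_security_headers(sample_headers):
        print("FINDING:", finding)
    print(safe_redirect_target("//attacker.example/", {"posketanmu.example"}))
    print(render_comment("<script>alert(1)</script>"))
```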
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.