Treffer: The Effect of Penetration Testing in Testing Security Holes on Websites (Case Study: Population and Civil Registration Office Kediri City) ; Pengaruh Penetration Testing Dalam Menguji Celah Keamanan Pada Website (Studi Kasus: Dinas Kependudukan dan Pencatatan Sipil Kota Kediri)

Title:
The Effect of Penetration Testing in Testing Security Holes on Websites (Case Study: Population and Civil Registration Office Kediri City) ; Pengaruh Penetration Testing Dalam Menguji Celah Keamanan Pada Website (Studi Kasus: Dinas Kependudukan dan Pencatatan Sipil Kota Kediri)
Authors:
Yudo, Yudo Bismo Utomo
Source:
MULTINETICS ; Vol. 10 No. 2 (2024): MULTINETICS Nopember (2024); 121-128 ; 2443-2334 ; 2443-2245 ; 10.32722/multinetics.v10i2
Publisher Information:
POLITEKNIK NEGERI JAKARTA
Publication Year:
2024
Subject Terms:
Penetration Testing, Website, Security Holes, Celah Keamanan
Document Type:
Fachzeitschrift article in journal/newspaper
File Description:
application/pdf
Language:
Indonesian
Relation:
http://jurnal.pnj.ac.id/index.php/multinetics/article/view/6633/3359; http://jurnal.pnj.ac.id/index.php/multinetics/article/view/6633
Availability:
http://jurnal.pnj.ac.id/index.php/multinetics/article/view/6633
Rights:
Copyright (c) 2024 MULTINETICS ; https://creativecommons.org/licenses/by-nc-sa/4.0
Accession Number:
edsbas.7641DF07
Database:
BASE

Weitere Informationen

In all-digital era now, every population data is stored and processed through the website. With this website, the flow of information and communication between residents and government can be done easily. However, behind these advantages, there are also several weaknesses, namely security holes that can be accessed by irresponsible people, as well as data leakage cases that often occur. Seeing these problems, the author tested security gaps using the penetration testing method on the Information Technology-Based Population Administration System Service (SAKTI) on website. The results obtained from this research, the SAKTI website managed by the Kediri City disdukcapil found the impact of an open response code gap with the possibility of sensitive data exposure and found upload pages for RCE (Remote Code Excecution) exploitation and malware inject. For the CVSS assessment, the Base Score gets 8.1 points at the High level. While the recommendation is in the form of improving unrestricted file upload and sensitive data exposure or information disclosure by restricting public access. ; Di era serba digital saat ini, setiap data kependudukan disimpan dan diolah melalui website. Dengan adanya website tersebut aliran informasi dan komunikasi antara penduduk dan pemerintahan dapat dilakukan dengan mudah. Akan tetapi dibalik kelebihan tersebut, terdapat juga beberapa kelemahan yaitu celah keamanan yang bisa akses oleh orang yang tidak bertanggung jawab, seperti halnya kasus kebocoran data yang sering terjadi. Melihat permasalahan tersebut, penulis melakukan uji celah keamanan menggunakan metode penetration testing pada website Pelayanan Sistem Administrasi Kependudukan Berbasis Teknologi Informasi (SAKTI). Hasil yang diperoleh dari penelitian ini, website SAKTI yang dikelola oleh disdukcapil Kota Kediri ditemukan impact adanya celah response code terbuka yang mengizinkan penyerang untuk menyisipkan file berupa malware maupun shellcode, eksekusi jarak jauh (RCE) dan serangan XSS yang menyebabkan terjadinya sensitive data ...