ANALYSIS OF PENETRATION TESTING ON HOSTING SERVICES USING THE BLACK BOX METHOD
DOI:
https://doi.org/10.54757/fs.v14i1.238
Keywords:
Hosting, OWASP, ZAP, XSS, CSRF
Abstract
Analyzing the security of hosting services is important for ensuring website security. This research was conducted to test the security level of village websites. It used 15 samples, with 5 websites each on hosting services such as WordPress, Blogspot, and Shared Hosting. Testing followed the Black Box method, with Google dorks used to find the target websites to be tested. Open Web Application Security Project (OWASP) Zed Attack Proxy (ZAP) was used to find security holes by scanning the websites. The results obtained are usually 3 types of vulnerabilities, namely Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF) Tokens, and Clickjacking. The results were then analyzed by counting how many warnings the scanning process produced, to find out which hosting service has the highest level of security.
This research aims to help the village government build a secure village website by choosing a safe hosting service and knowing how to find security holes on the website that has been built, so that these security holes can be fixed.
Copyright (c) 2023 Aditya Bimandaru
This work is licensed under a Creative Commons Attribution 4.0 International License.