Identify Vulnerabilities on the Ministry of Health's Ayo Sehat Website Through Penetration Testing

Abstract

This research identifies security vulnerabilities on the "Ayo Sehat Kemenkes" website managed by the Ministry of Health of the Republic of Indonesia through penetration testing using the ISSAF (Information Systems Security Assessment Framework) framework. The methods used include information gathering, network mapping, vulnerability identification, and exploitation. Tools such as CMD, Whois, Nmap, and Subgraph Vega are used in the testing process. The research results found several vulnerabilities with different levels of severity: a high level vulnerability in the form of a social security number which can cause the risk of identity theft, a medium level vulnerability in the form of a local file system path which provides information about the structure of directories and files on the web server, and a low level vulnerability in the form of lots of email addresses and password forms with an active autocomplete feature. These findings demonstrate the importance of preventative measures to improve website security and protect user data.