利用渗透测试执行标准(PTES)方法进行信息系统安全分析，确定服务器安全漏洞

2021 International Conference on Informatics, Multimedia, Cyber and Information System (ICIMCIS Pub Date : 2021-10-28 DOI:10.1109/ICIMCIS53775.2021.9699285

Alvita Izana Kusumarini, H. Seta

{"title":"利用渗透测试执行标准(PTES)方法进行信息系统安全分析，确定服务器安全漏洞","authors":"Alvita Izana Kusumarini, H. Seta","doi":"10.1109/ICIMCIS53775.2021.9699285","DOIUrl":null,"url":null,"abstract":"Server security is indispensable as part of the protection and prevention of information theft measures. This aspect ignored by some agencies that already feel safe with the security conditions of the server network owned by installing antivirus or firewall on the server. There are still considerable agencies such as universities that constantly have not tightened the security of information on the server. Therefore, penetration testing required to determine vulnerabilities in the server by using Penetration Testing Execution Standard (PTES) method to find security gaps in an agency in this case, namely employee data servers at VWX University were in this research found vulnerabilities involves Cross-Site Tracing (CST) attacks, Sensitive Data Exposure, Password Guessing, DDoS Attack, and Sniffing activities that inflict access to the server system.","PeriodicalId":250460,"journal":{"name":"2021 International Conference on Informatics, Multimedia, Cyber and Information System (ICIMCIS","volume":"63 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-10-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Information System Security Analysis to Determine Server Security Vulnerability with Penetration Testing Execution Standard (PTES) Method at VWX University\",\"authors\":\"Alvita Izana Kusumarini, H. Seta\",\"doi\":\"10.1109/ICIMCIS53775.2021.9699285\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Server security is indispensable as part of the protection and prevention of information theft measures. This aspect ignored by some agencies that already feel safe with the security conditions of the server network owned by installing antivirus or firewall on the server. There are still considerable agencies such as universities that constantly have not tightened the security of information on the server. Therefore, penetration testing required to determine vulnerabilities in the server by using Penetration Testing Execution Standard (PTES) method to find security gaps in an agency in this case, namely employee data servers at VWX University were in this research found vulnerabilities involves Cross-Site Tracing (CST) attacks, Sensitive Data Exposure, Password Guessing, DDoS Attack, and Sniffing activities that inflict access to the server system.\",\"PeriodicalId\":250460,\"journal\":{\"name\":\"2021 International Conference on Informatics, Multimedia, Cyber and Information System (ICIMCIS\",\"volume\":\"63 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-10-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 International Conference on Informatics, Multimedia, Cyber and Information System (ICIMCIS\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICIMCIS53775.2021.9699285\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 International Conference on Informatics, Multimedia, Cyber and Information System (ICIMCIS","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICIMCIS53775.2021.9699285","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

服务器安全是保护和预防信息盗窃不可或缺的一部分措施。在服务器上安装杀毒软件或防火墙所拥有的服务器网络的安全条件已经感到安全的一些机构忽略了这一点。目前仍有相当多的大学等机构一直没有加强服务器信息的安全性。因此，渗透测试需要通过使用渗透测试执行标准(PTES)方法来确定服务器中的漏洞，从而在本案例中找到机构中的安全漏洞，即VWX大学的员工数据服务器，在本研究中发现漏洞涉及跨站点跟踪(CST)攻击，敏感数据暴露，密码猜测，DDoS攻击和嗅探活动，从而对服务器系统进行访问。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Information System Security Analysis to Determine Server Security Vulnerability with Penetration Testing Execution Standard (PTES) Method at VWX University

Server security is indispensable as part of the protection and prevention of information theft measures. This aspect ignored by some agencies that already feel safe with the security conditions of the server network owned by installing antivirus or firewall on the server. There are still considerable agencies such as universities that constantly have not tightened the security of information on the server. Therefore, penetration testing required to determine vulnerabilities in the server by using Penetration Testing Execution Standard (PTES) method to find security gaps in an agency in this case, namely employee data servers at VWX University were in this research found vulnerabilities involves Cross-Site Tracing (CST) attacks, Sensitive Data Exposure, Password Guessing, DDoS Attack, and Sniffing activities that inflict access to the server system.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2021 International Conference on Informatics, Multimedia, Cyber and Information System (ICIMCIS

自引率

0.00%

发文量