Nur Siti Aisyah, Fasya Zulia Puspitasari, Kalpin Oktavianus Angga, Brili Rey Shandi
{"title":"通过渗透测试识别卫生部 Ayo Sehat 网站的漏洞","authors":"Nur Siti Aisyah, Fasya Zulia Puspitasari, Kalpin Oktavianus Angga, Brili Rey Shandi","doi":"10.47191/etj/v9i07.11","DOIUrl":null,"url":null,"abstract":"This research identifies security vulnerabilities on the \"Ayo Sehat Kemenkes\" website managed by the Ministry of Health of the Republic of Indonesia through penetration testing using the ISSAF (Information Systems Security Assessment Framework) framework. The methods used include information gathering, network mapping, vulnerability identification, and exploitation. Tools such as CMD, Whois, Nmap, and Subgraph Vega are used in the testing process. The research results found several vulnerabilities with different levels of severity: a high level vulnerability in the form of a social security number which can cause the risk of identity theft, a medium level vulnerability in the form of a local file system path which provides information about the structure of directories and files on the web server, and a low level vulnerability in the form of lots of email addresses and password forms with an active autocomplete feature. These findings demonstrate the importance of preventative measures to improve website security and protect user data.","PeriodicalId":507832,"journal":{"name":"Engineering and Technology Journal","volume":"91 7","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-07-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Identify Vulnerabilities on the Ministry of Health's Ayo Sehat Website Through Penetration Testing\",\"authors\":\"Nur Siti Aisyah, Fasya Zulia Puspitasari, Kalpin Oktavianus Angga, Brili Rey Shandi\",\"doi\":\"10.47191/etj/v9i07.11\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This research identifies security vulnerabilities on the \\\"Ayo Sehat Kemenkes\\\" website managed by the Ministry of Health of the Republic of Indonesia through penetration testing using the ISSAF (Information Systems Security Assessment Framework) framework. The methods used include information gathering, network mapping, vulnerability identification, and exploitation. Tools such as CMD, Whois, Nmap, and Subgraph Vega are used in the testing process. The research results found several vulnerabilities with different levels of severity: a high level vulnerability in the form of a social security number which can cause the risk of identity theft, a medium level vulnerability in the form of a local file system path which provides information about the structure of directories and files on the web server, and a low level vulnerability in the form of lots of email addresses and password forms with an active autocomplete feature. These findings demonstrate the importance of preventative measures to improve website security and protect user data.\",\"PeriodicalId\":507832,\"journal\":{\"name\":\"Engineering and Technology Journal\",\"volume\":\"91 7\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2024-07-25\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Engineering and Technology Journal\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.47191/etj/v9i07.11\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Engineering and Technology Journal","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.47191/etj/v9i07.11","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Identify Vulnerabilities on the Ministry of Health's Ayo Sehat Website Through Penetration Testing
This research identifies security vulnerabilities on the "Ayo Sehat Kemenkes" website managed by the Ministry of Health of the Republic of Indonesia through penetration testing using the ISSAF (Information Systems Security Assessment Framework) framework. The methods used include information gathering, network mapping, vulnerability identification, and exploitation. Tools such as CMD, Whois, Nmap, and Subgraph Vega are used in the testing process. The research results found several vulnerabilities with different levels of severity: a high level vulnerability in the form of a social security number which can cause the risk of identity theft, a medium level vulnerability in the form of a local file system path which provides information about the structure of directories and files on the web server, and a low level vulnerability in the form of lots of email addresses and password forms with an active autocomplete feature. These findings demonstrate the importance of preventative measures to improve website security and protect user data.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
