Implementation of Penetration Testing on the Website Using the Penetration Testing Execution Standard (PTES) Method
Authors: B. Kurniawan, Ikhwan Ruslianto
Journal: CESS Journal of Computer Engineering System and Science
Published: 2023-07-21 (Journal Article)
DOI: 10.24114/cess.v8i2.47096 (https://doi.org/10.24114/cess.v8i2.47096)
Indonesia is one of the countries with a very high cybercrime rate in the world. The problem arises from inadequate human resources and a lack of regular maintenance of digital systems in Indonesia. One form of maintenance that can be performed is penetration testing, which evaluates a digital system so that it can be improved and protected from cyber attacks. One method that supports penetration testing is the Penetration Testing Execution Standard (PTES). The results of this research show that the website https://k*****.go.id has thirteen vulnerabilities. Based on these thirteen vulnerabilities, three different types of attack were carried out: Clickjacking, SQL Injection, and Cross-Site Scripting (XSS). Of the three, only the Clickjacking attack succeeded against https://k*****.go.id. It is concluded that the website's risk of vulnerability and of attack is rated medium according to the OWASP ZAP Risk Rating Methodology.