Analisis Security Mitigation dengan Metode Vulnerability Assesment and Penetration Testing (VAPT) (Kasus Website Kerja Praktek dan Pengabdian Masyarakat)

Muhammad Iqbal Fadillah(1*), Umar Yunan Kurnia Sept Yanto(2), Muhammad Fathinuddin(3),

(1) Universitas Telkom, Indonesia
(2) Universitas Telkom, Indonesia
(3) Universitas Telkom, Indonesia
(*) Corresponding Author

Abstract


The current development of technology is progressing rapidly in line with the ease of accessing information through various means, whether through mobile applications or websites. This convenience has had a significant impact on various industries, governments, and educational institutions that utilize websites as information support for learning and teaching activities, including at XYZ Faculty. The website is used to manage student activities in Internship and Community Service (ICS). In previous research, vulnerability assessment was conducted to identify vulnerabilities on the website; however, no mitigation was implemented for the vulnerabilities found. Therefore, security mitigation is needed to address the risks associated with these vulnerabilities. The method used in this process is Vulnerability Assessment and Penetration Testing (VAPT) with gray box testing techniques, as well as the tools Burp Suite, Acunetix, and Nessus. Vulnerability analysis was performed on the identified vulnerabilities on the website to determine a list of vulnerabilities for further exploitation. Through testing on this ICS website, nine vulnerabilities were found, including one high-level vulnerability, four medium-level vulnerabilities, and four low-level vulnerabilities. These vulnerabilities were then mitigated, and the results showed that four out of the nine vulnerabilities were successfully mitigated, improving the website's security compared to before.

Full Text:

PDF

References


J. T. Umar, L. Baja, K. Batam-Indonesia, P. Kelengkapan, R. Al Amin, and E. A. Wibowo, “Pengaruh Kelengkapan Data ,Ketelitian, Kecepatan Terhadap Kepuasan Konsumen Pada Pt. Federal International Finance (FIF) Cabang Batam,” Jurnal Manajemen dan Kewirausahaan, vol. 1, no. 1, 2021.

S. Shah and B. M. Mehtre, “A Modern Approach to Cyber Security Analysis Using Vulnerability Assessment and Penetration Testing,” International Journal of Electronics Communication and Computer Engineering, vol. 4, no. 6, 2013.

J. N. Goel and B. M. Mehtre, “Vulnerability Assessment & Penetration Testing as a Cyber Defence Technology,” in Procedia Computer Science, 2015. doi: 10.1016/j.procs.2015.07.458.

J. T. Umar, L. Baja, K. Batam-Indonesia, P. Kelengkapan, R. Al Amin, and E. A. Wibowo, “Pengaruh Kelengkapan Data ,Ketelitian, Kecepatan Terhadap Kepuasan Konsumen Pada Pt. Federal International Finance (FIF) Cabang Batam,” Jurnal Manajemen dan Kewirausahaan, vol. 1, no. 1, 2021.

S. Shah and B. M. Mehtre, “A Modern Approach to Cyber Security Analysis Using Vulnerability Assessment and Penetration Testing,” International Journal of Electronics Communication and Computer Engineering, vol. 4, no. 6, 2013.




DOI: http://dx.doi.org/10.30645/j-sakti.v7i2.683

Refbacks

  • There are currently no refbacks.



J-SAKTI (Jurnal Sains Komputer & Informatika)
Published Papers Indexed/Abstracted By:


Jumlah Kunjungan :

View My Stats