Security Analysis of the SMA Negeri 1 Sokaraja Website Information System Using the Penetration Testing Execution Standard (PTES) Method
Abstract
Technology continues to advance, and internet use is growing with it as the number of users keeps increasing. This growth makes systems very vulnerable to attacks by hackers. One attack that hackers often use to break into a database is SQL Injection. SQL Injection is a hacking technique used to enter or infiltrate a website's database system in order to find out the contents of the database and the information held on the site. In this research, the researchers used the Penetration Testing Execution Standard (PTES) method to analyze vulnerabilities in, and to penetrate, the SMA Negeri 1 Sokaraja website. The PTES method has 7 stages. The security analysis of the SMA Negeri 1 Sokaraja website found 11 vulnerabilities, which were identified by scanning with the OWASP ZAP tool. Of these 11 vulnerabilities, 1 had the highest risk: SQL Injection. In this study, the researchers managed to enter the MySQL database system of the SMA Negeri 1 Sokaraja website using the SQL Injection attack technique. In the website's database, the researchers found important data such as the SMA Negeri 1 Sokaraja website admin username and password.
Copyright (c) 2023 Muhammad Nur Fikri, Bita Parga Zen, Rifki Adhitama, Eryan Ahmad Firdaus
This work is licensed under a Creative Commons Attribution 4.0 International License.