Detecting Website Security Vulnerability Levels Using Manual Pentest Methods and the Xspear Tool

Authors

  • Ahmad Jazuli, Applied Bachelor's Program in Telecommunication Engineering, Politeknik Negeri Sriwijaya
  • Irma Salamah, Applied Bachelor's Program in Telecommunication Engineering, Politeknik Negeri Sriwijaya
  • Sopian Soim, Applied Bachelor's Program in Telecommunication Engineering, Politeknik Negeri Sriwijaya

DOI:

https://doi.org/10.29408/edumatic.v8i2.27109

Keywords:

sql injection, vulnerability, website, xspear

Abstract

The internet has become a source of information across many fields and demographics and is easily accessible to a large number of people, which also makes the websites that serve it a target; SQL injection and XSS payloads are among the most common types of attack against them. The objective of this research is to detect the severity of the security gaps found and to provide the host with recommendations for mitigating those risks. The research is qualitative in nature and focuses on detecting the levels of security gaps on the Hotel Embryo website. It uses vulnerability evaluation and penetration testing methods: a manual penetration testing approach targeting specific URLs, and vulnerability scanning with the Xspear tool. The research stages begin with gathering information from relevant sources through case studies and literature reviews of scientific articles, followed by installation of the software and tools, and then the core phase, which consists of exploitation using pentest techniques and documentation of the analysis of the vulnerabilities found. The research subject is the Hotel Embryo website, and the research object is the security vulnerabilities detected on it. Our findings identified a parameter in the room menu of the Hotel Embryo website where 10 vulnerabilities with HIGH status were discovered. These pose significant risks, particularly to important data such as administrative information, personal data, and institutional details, which could be accessed and misused by cyber attackers.

Published

2024-12-19