Analisis Celah Keamanan Website Dinas Sosial Surabaya Menggunakan Metode Penetration Testing OWASP Top 10 Dan MITRE ATT&CK (Security Vulnerability Analysis of the Surabaya Social Service Website Using the OWASP Top 10 and MITRE ATT&CK Penetration Testing Method)

Bagaskara, Bregas Arya (2025) Analisis Celah Keamanan Website Dinas Sosial Surabaya Menggunakan Metode Penetration Testing OWASP Top 10 Dan MITRE ATT&CK. Undergraduate thesis, UPN Veteran Jawa Timur.

Files:
- Cover: 20081010108.-cover.pdf (932kB)
- Bab 1 (Chapter 1): 20081010108.-bab1.pdf (24kB)
- Bab 2 (Chapter 2): 20081010108.-bab2.pdf (548kB), restricted to repository staff only until 11 March 2027
- Bab 3 (Chapter 3): 20081010108.-bab3.pdf (799kB), restricted to repository staff only until 11 March 2027
- Bab 4 (Chapter 4): 20081010108.-bab4.pdf (6MB), restricted to repository staff only until 11 March 2027
- Bab 5 (Chapter 5): 20081010108.-bab5.pdf (83kB)
- Daftar pustaka (Bibliography): 20081010108.-daftarpustaka.pdf (102kB)
- Lampiran (Appendix): 20081010108.-lampiran.pdf (389kB), restricted to repository staff only

Abstract

Information system security is a crucial aspect of technological development, especially in public service applications such as the Surabaya Social Service website. Technological advancement increases the potential for security vulnerabilities that can be exploited by malicious actors. This study aims to identify and analyze vulnerabilities on the website using penetration testing with the OWASP Top 10 and MITRE ATT&CK approaches. The testing process consists of five main stages: information gathering, footprinting & scanning, vulnerability assessment, exploitation, and analysis & reporting. The OWASP Top 10 approach is used to evaluate the ten most critical web application security risk categories, while MITRE ATT&CK is used to map the relevant attack tactics and techniques. The testing results show that of the 17 identified vulnerabilities, six major vulnerabilities were confirmed: Browsable Web Directories, web.config File Information Disclosure, Content Security Policy (CSP) Header Not Set, Strict-Transport-Security (HSTS) Header Not Set, Timestamp Disclosure - Unix, and X-Content-Type-Options Header Missing. To address these vulnerabilities, implementing security headers such as CSP, HSTS, and X-Content-Type-Options: nosniff is recommended, along with securing directories and sensitive configuration files to minimize the risk of data leakage. This study provides insight into improving information system security in the government sector and better protecting user data from cyber threats.
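The six confirmed findings above are all visible in a single HTTP response: three missing headers, a directory listing body, a served web.config, and a Unix timestamp in page content. The script below is an added example (not tooling from the thesis) that checks a raw response for each of them, so the recommended fixes can be verified after deployment. The responses it inspects are constructed for illustration, not captures from the Surabaya site; the one-year HSTS threshold and the ZAP-style ten-digit timestamp heuristic are assumptions of the example.

```python
"""Check one HTTP response for the header and exposure findings listed in the
abstract. Added example with constructed inputs; not the thesis's own tooling."""
import re
from typing import Dict, List, Tuple

# Constructed responses (not captured from the real site). The first mimics an
# IIS directory listing, the second a served web.config, the third a hardened page.
WEAK_DIR = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/10.0\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    '<html><head><title>example - /uploads/</title></head><body>'
    '<h1>example - /uploads/</h1><pre><a href="/">[To Parent Directory]</a>'
    '<br> 1/1/2024 10:00 AM 1024 <a href="/uploads/data.zip">data.zip</a>'
    '</pre><!-- build 1704067200 --></body></html>'
)
WEAK_CONFIG = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/xml\r\n"
    "\r\n"
    '<?xml version="1.0"?><configuration><connectionStrings>'
    '<add name="db" connectionString="Server=.;User Id=app;Password=REDACTED" />'
    '</connectionStrings></configuration>'
)
HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Content-Security-Policy: default-src 'self'\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "\r\n"
    "<html><body><h1>Layanan</h1></body></html>"
)

MIN_HSTS_AGE = 31536000  # one year; assumed threshold, not taken from the thesis
LISTING_MARKERS = ("[To Parent Directory]", "Index of /")  # IIS and Apache listings
# ZAP-style heuristic: a standalone 10-digit number starting with 1 (years 2001-2033).
UNIX_TS = re.compile(r"(?<!\d)(1[0-9]{9})(?!\d)")


def parse_response(raw: str) -> Tuple[int, Dict[str, str], str]:
    """Split a raw HTTP/1.1 response into status code, lower-cased headers, body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def check_headers(headers: Dict[str, str]) -> List[str]:
    """Flag the three header findings from the abstract (CSP, HSTS, nosniff)."""
    findings = []
    if "content-security-policy" not in headers:
        findings.append("CSP header not set")
    hsts = headers.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS header not set")
    else:
        m = re.search(r"max-age=(\d+)", hsts)
        if not m or int(m.group(1)) < MIN_HSTS_AGE:
            findings.append("HSTS max-age below one year")
    if headers.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options header missing")
    return findings


def check_body(path: str, status: int, body: str) -> List[str]:
    """Flag directory listings, a served web.config, and Unix timestamps in the body."""
    findings = []
    if status == 200 and any(marker in body for marker in LISTING_MARKERS):
        findings.append(f"Browsable web directory at {path}")
    if status == 200 and path.lower().endswith("web.config") and "<configuration" in body:
        findings.append("web.config file information disclosure")
    for ts in UNIX_TS.findall(body):
        findings.append(f"Timestamp disclosure - Unix: {ts}")
    return findings


def audit(path: str, raw: str) -> List[str]:
    """Run all checks against one response and return the list of findings."""
    status, headers, body = parse_response(raw)
    return check_headers(headers) + check_body(path, status, body)


if __name__ == "__main__":
    for path, raw in (("/uploads/", WEAK_DIR), ("/web.config", WEAK_CONFIG), ("/", HARDENED)):
        print(path, audit(path, raw) or ["no findings"])
```

On IIS, which the web.config finding implies, the listing is closed with `<directoryBrowse enabled="false" />` and the three headers are added under `<system.webServer><httpProtocol><customHeaders>`; send HSTS only on HTTPS responses, since browsers ignore it over plain HTTP. The timestamp rule is a heuristic and will also match unrelated ten-digit numbers, so treat each hit as something to confirm by hand, as the scanner finding in the thesis would be.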

Item Type: Thesis (Undergraduate)
Contributors:
Contribution      Contributor            NIDN/NIDK         Email
Thesis advisor    Idhom, Mohammad        NIDN 0010038305   idhom@upnjatim.ac.id
UNSPECIFIED       Wahanani, Henni Endah  NIDN 0022097811   henniendah@upnjatim.ac.id
Subjects: T Technology > T Technology (General) > T385 Computer Graphics
T Technology > T Technology (General) > T58.6-58.62 Management Information Systems
Divisions: Faculty of Computer Science > Department of Informatics
Depositing User: Bregas Arya Bagaskara
Date Deposited: 12 Mar 2025 04:31
Last Modified: 12 Mar 2025 04:31
URI: https://repository.upnjatim.ac.id/id/eprint/35449
