Vierino, Farrel Tiuraka (2026) PENETRATION TESTING WEBSITE RUMAH POTONG HEWAN SURABAYA MENGGUNAKAN OWASP TOP 10 DAN NIST SP 800-115. Undergraduate thesis, UPN Veteran Jawa Timur.
Files:
- Text (Cover): 21081010222.-cover.pdf (912kB)
- Text (Chapter 1): 21081010222.-bab1.pdf (184kB)
- Text (Chapter 2): 21081010222.-bab2.pdf (856kB). Restricted to Repository staff only until 9 January 2029.
- Text (Chapter 3): 21081010222.-bab3.pdf (446kB). Restricted to Repository staff only until 9 January 2029.
- Text (Chapter 4): 21081010222.-bab4.pdf (2MB). Restricted to Repository staff only until 9 January 2029.
- Text (Chapter 5): 21081010222.-bab5.pdf (192kB)
- Text (References): 21081010222.-daftarpustaka.pdf (236kB). Restricted to Repository staff only.
- Text (Appendix): 21081010222.-lampiran.pdf (512kB). Restricted to Repository staff only until 9 January 2029.
Abstract
Websites are an important medium for delivering information and public services, so their security must be considered. The RPH Surabaya website, which serves as a public information platform, carries potential security risks if regular testing is not conducted. This study aims to analyze security vulnerabilities on the RPH Surabaya website using penetration testing methods based on the OWASP Top 10 2021 standard as a reference for vulnerability classification and NIST SP 800-115 as the testing methodology guideline. The testing stages include information gathering, vulnerability scanning, and an attack stage to validate the identified vulnerabilities. The vulnerability scanning stage detected 13 vulnerabilities categorized under OWASP Top 10 2021. After validation in the attack stage, 10 vulnerabilities were confirmed as valid, namely Absence of Anti-CSRF Tokens, Directory Browsing, Content Security Policy Header Not Set, Missing Anti-clickjacking Header, Vulnerable JavaScript Library, Cookie No HttpOnly Flag, Cookie Without SameSite Attribute, Strict-Transport-Security Header Not Set, X-Content-Type-Options Header Missing, and User Controllable HTML Element Attribute (Potential XSS). Most of the identified vulnerabilities fall into the categories of A05: Security Misconfiguration and A03: Injection. Based on the research results, it can be concluded that the RPH Surabaya website still has security weaknesses; therefore, the improvement recommendations need to be implemented to raise its security level and minimize the risk of future cyber attacks.
| Item Type: | Thesis (Undergraduate) |
|---|---|
| Contributors: | |
| Subjects: | T Technology > T Technology (General) |
| Divisions: | Faculty of Computer Science > Department of Informatics |
| Depositing User: | Farrel Tiuraka Vierino |
| Date Deposited: | 09 Feb 2026 07:40 |
| Last Modified: | 10 Feb 2026 03:39 |
| URI: | https://repository.upnjatim.ac.id/id/eprint/49324 |
