UTOMO, MOCH. WAHYU SAMPURNO (2026) SECURITY ANALYSIS USING THE HYBRID OWASP AND NIST SP 800-115 METHOD IN THE EAST JAVA DISKOMINFO SUBDOMAIN. Undergraduate thesis, UPN Veteran Jawa Timur.
Text (Cover): 22081010046.-Cover.pdf (755kB)
Text (Chapter 1): 22081010046.-Bab1.pdf (266kB)
Text (Chapter 2): 22081010046.-Bab2.pdf (1MB). Restricted to Repository staff only until 13 April 2029.
Text (Chapter 3): 22081010046.-Bab3.pdf (942kB). Restricted to Repository staff only until 13 April 2029.
Text (Chapter 4): 22081010046.-Bab4.pdf (3MB). Restricted to Repository staff only until 13 April 2029.
Text (Chapter 5): 22081010046.-Bab5.pdf (171kB). Restricted to Repository staff only until 13 April 2029.
Text (References): 22081010046.-Daftar Pustaka.pdf (231kB)
Text (Appendix): 22081010046.-Lampiran.pdf (265kB). Restricted to Repository staff only until 13 April 2029.
Abstract
Government agencies’ increasing reliance on web technology has raised the risk of cyber threats. According to the 2023 report from the National Cyber and Crypto Agency, Indonesia experienced more than 370 million cyber incidents in 2022, with government institutions among the primary targets. This study aims to identify security vulnerabilities, evaluate security control compliance, and provide mitigation recommendations for the website of the Trenggalek Regional Forest Service Branch under Dinas Komunikasi dan Informatika of East Java Province. This research applies a grey-box penetration testing approach using a hybrid framework that integrates OWASP Top Ten 2021, OWASP WSTG, OWASP ASVS Level 2, NIST SP 800-115, and CVSS v3.1. The testing process consists of Planning, Discovery, Attack, and Reporting stages. Tools used include Nmap, Burp Suite, SQLMap, OWASP ZAP, Nuclei, and Wappalyzer. The results identified ten vulnerabilities mapped to the OWASP Top Ten 2021 categories. High-risk vulnerabilities were found in Broken Access Control, Cryptographic Failures, Identification and Authentication Failures, Software and Data Integrity Failures, and Security Logging and Monitoring Failures, with CVSS scores ranging from 7.3 to 8.8. Medium-risk vulnerabilities were also identified in several categories. This study demonstrates that the proposed hybrid framework provides a comprehensive and systematic approach for evaluating government website security.
| Item Type: | Thesis (Undergraduate) |
|---|---|
| Contributors: | |
| Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science; Q Science > QA Mathematics > QA76.6 Computer Programming |
| Divisions: | Faculty of Computer Science > Department of Informatics |
| Depositing User: | Wahyu Sampurno Utomo |
| Date Deposited: | 22 May 2026 06:41 |
| Last Modified: | 22 May 2026 06:41 |
| URI: | https://repository.upnjatim.ac.id/id/eprint/52162 |