Wibowo, Arif Setyo (2026) Security Testing of PT. XYZ E-Commerce Website Using PTES Method Based on NIST SP 800-115 and OWASP Top 10. Undergraduate thesis, UPN Veteran Jawa Timur.
|
Text (Cover)
21081010057-coverr.pdf Download (598kB) | Preview |
|
|
Text (Bab 1)
21081010057-bab1.pdf Download (164kB) | Preview |
|
|
Text (Bab 2)
21081010057-bab2.pdf Restricted to Repository staff only until 7 July 2029. Download (708kB) | Request a copy |
||
|
Text (Bab 3)
21081010057-bab3.pdf Restricted to Repository staff only until 7 July 2029. Download (517kB) | Request a copy |
||
|
Text (Bab 4)
21081010057-bab4.pdf Restricted to Repository staff only until 7 July 2029. Download (3MB) | Request a copy |
||
|
Text (Bab 5)
21081010057-bab5.pdf Download (154kB) | Preview |
|
|
Text (Daftar Pustaka)
21081010057-daftarpustaka.pdf Download (343kB) | Preview |
|
|
Text (Lampiran)
21081010057-lampiran.pdf Restricted to Repository staff only until 7 July 2029. Download (1MB) | Request a copy |
Abstract
The rapid growth of e-commerce in Indonesia has led to an increase in cybersecurity threats, with the National Cyber and Crypto Agency (BSSN) recording 610.63 million cyberattacks throughout 2024. PT. XYZ, a mattress manufacturer that recently launched its first e-commerce platform, has received 18,788 visitors in the first three months since launch, yet has never undergone any security testing, potentially exposing both the company and its customers to significant risks. This study aims to identify security vulnerabilities in the PT. XYZ e-commerce website using the Penetration Testing Execution Standard (PTES) method, carried out through seven stages from pre-engagement to reporting, guided by NIST SP 800-115 as the technical reference and OWASP Top 10 as the vulnerability classification framework. Automated scanning using OWASP ZAP identified 48 alerts consisting of 1 High, 14 Medium, 19 Low, and 14 Informational. The 14 Informational alerts were excluded as they did not indicate exploitable security weaknesses. Combined with 3 findings from manual scanning, a total of 37 vulnerabilities were successfully mapped to the OWASP Top 10 2021 categories, comprising 1 High, 16 Medium, and 20 Low. Of the 37 findings, six vulnerabilities were actively exploited: Clickjacking, CSP Header Not Set, Vulnerable JS Library, Cross-Domain Misconfiguration, Source Code Disclosure, and Username Enumeration & Brute Force. Five of these were categorized as medium risk and one as high risk. Each finding is accompanied by technical remediation recommendations to serve as a mitigation basis for PT. XYZ.
| Item Type: | Thesis (Undergraduate) | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Contributors: |
|
||||||||||||
| Subjects: | T Technology > T Technology (General) | ||||||||||||
| Divisions: | Faculty of Computer Science > Departemen of Informatics | ||||||||||||
| Depositing User: | ARIF WIBOWO | ||||||||||||
| Date Deposited: | 07 Jul 2026 08:26 | ||||||||||||
| Last Modified: | 07 Jul 2026 08:43 | ||||||||||||
| URI: | https://repository.upnjatim.ac.id/id/eprint/54721 |
Actions (login required)
![]() |
View Item |
