Analisis Keamanan Website Sipatca Menggunakan Metode Penetration Testing Berbasis ISSAF dan OWASP WSTG V4.2

Arganta, Muhammad Rafi (2026) Analisis Keamanan Website Sipatca Menggunakan Metode Penetration Testing Berbasis ISSAF dan OWASP WSTG V4.2. Undergraduate thesis, Universitas Pembangunan Nasional Veteran Jawa Timur.

[img]
Preview
 Text (cover)
cover br.pdf
Download (839kB) | Preview
[img]
Preview
 Text (Bab 1)
Bab 1.pdf
Download (270kB) | Preview
[img] Text (Bab 2)
Bab 2.pdf
Restricted to Repository staff only until 26 May 2028.
Download (484kB)
[img] Text (Bab 3)
Bab 3.pdf
Restricted to Repository staff only until 26 May 2028.
Download (355kB)
[img] Text (Bab 4)
Bab 4.pdf
Restricted to Repository staff only until 26 May 2028.
Download (2MB)
[img]
Preview
 Text (Bab 5)
Bab 5.pdf
Download (252kB) | Preview
[img]
Preview
 Text (Daftar Pustaka)
Daftar Pustaka.pdf
Download (194kB) | Preview
[img] Text (Lampiran)
Lampiran.pdf
Restricted to Repository staff only
Download (3MB)

Abstract

The SIPATCA Website (Integrated Academic Community Administrative Service Information System) of the Faculty of Computer Science, Universitas Pembangunan Nasional “Veteran” East Java, is used as an administrative correspondence service that potentially manages sensitive data. Therefore, security testing is required to identify potential vulnerabilities that may cause risks such as data leakage and unauthorized access. This research aims to analyze the security of the SIPATCA Website using a penetration testing method with a black box approach based on the Information System Security Assessment Framework (ISSAF) and the OWASP Web Security Testing Guide (WSTG) v4.2. The results of the study indicate that the system still has several security vulnerabilities related to server configuration and client-side security, such as the absence of security headers implementation, the use of autocomplete features in password fields, browser cache weaknesses, and disclosure of server version information and internal website structure. These vulnerabilities may increase the risk of information leakage and browser-based attacks. However, no critical vulnerabilities such as SQL Injection, Cross Site Scripting (XSS), or authentication bypass were found. Based on the analysis results, the SIPATCA Website is categorized as having a low to medium risk level and requires periodic improvements in security configuration, server hardening, and overall website security

Item Type: Thesis (Undergraduate)
Contributors:
ContributionContributorsNIDN/NIDKEmail
Thesis advisorWahyuni, Eka DyarNIDN0001128406ekawahyuni.si@upnjatim.ac.id
Thesis advisorMukhlis, Iqbal RamadhaniNIDN0705039304Iqbal.ramadhani.fasilkom@upnjatim.ac.id
Subjects: Q Science > Q Science (General)
T Technology > T Technology (General)
Divisions: Faculty of Computer Science > Departemen of Information Systems
Depositing User: Muhammad Rafi Arganta
Date Deposited: 26 May 2026 02:45
Last Modified: 26 May 2026 04:57
URI: https://repository.upnjatim.ac.id/id/eprint/52567

Actions (login required)

View Item View Item