Putri Salsabila, Belia (2026) EVALUATION OF MAJADIGI WEB APPLICATION VULNERABILITIES BASED ON VAPT FRAMEWORK WITH MITRE ATT&CK MAPPING AND CVSS ASSESSMENT. Undergraduate thesis, UPN Veteran Jawa Timur.
- Text (Cover): 22081010311.-cover.pdf (1MB)
- Text (Chapter 1): 22081010311.-bab1.pdf (98kB)
- Text (Chapter 2): 22081010311.-bab2.pdf (997kB). Restricted to Repository staff only until 17 June 2029.
- Text (Chapter 3): 22081010311.-bab3.pdf (976kB). Restricted to Repository staff only until 17 June 2029.
- Text (Chapter 4): 22081010311.-bab4.pdf (5MB). Restricted to Repository staff only until 17 June 2029.
- Text (Chapter 5): 22081010311.-bab5.pdf (96kB)
- Text (Bibliography): 22081010311.-daftarpustaka.pdf (909kB)
- Text (Appendix): 22081010311.-lampiran.pdf (194kB). Restricted to Repository staff only until 17 June 2029.

Abstract
Cybersecurity threats against e-government portals continue to escalate, yet integrated security evaluations of public service systems in Indonesia remain scarce. MAJADIGI (majadigi.jatimprov.go.id), a web application owned by the Department of Communication and Informatics of East Java Province, serves as a Single Sign-On portal managing citizens' personal data through a centralized authentication service, yet has never undergone a systematic security assessment. This study proposes an integrated evaluation approach combining Vulnerability Assessment and Penetration Testing (VAPT) with MITRE ATT&CK Enterprise mapping and CVSS v3.1 scoring simultaneously, a combination that has rarely been applied to provincial-level e-government systems. Grey-box testing was conducted under official authorization from the East Java Provincial Department of Communication and Informatics using OWASP ZAP, Nessus, Burp Suite, SQLmap, Nmap, and several supporting tools. Of the 12 vulnerability indications detected, manual validation confirmed 9 True Positives distributed across three OWASP Top 10:2021 categories: A05:2021-Security Misconfiguration in 6 findings, A01:2021-Broken Access Control in 2 findings, and A07:2021-Identification and Authentication Failures in 1 finding. MITRE ATT&CK mapping identified two interconnected attack chains, while CVSS v3.1 scoring yielded a score range of 4.3-6.9 at Medium risk level. The JWT in Browser localStorage finding, with a score of 6.9, was designated the highest mitigation priority due to its potential to expose users' personal data protected under Indonesian Law No. 27 of 2022 on Personal Data Protection. The results demonstrate that the integrated approach produces a more comprehensive security evaluation compared to single-framework methods, while also generating structured and technically validated mitigation recommendations.

Keywords: VAPT, OWASP Top 10:2021, MITRE ATT&CK, CVSS v3.1, web application security, e-government

| Item Type: | Thesis (Undergraduate) |
|---|---|
| Contributors: | |
| Subjects: | T Technology > T Technology (General) |
| Divisions: | Faculty of Computer Science > Department of Informatics |
| Depositing User: | Belia Putri Salsabila |
| Date Deposited: | 17 Jun 2026 03:45 |
| Last Modified: | 17 Jun 2026 03:58 |
| URI: | https://repository.upnjatim.ac.id/id/eprint/54012 |
