Optimalisasi dalam Penetrasi Testing Keamanan Website Menggunakan Teknik SQL Injection dan XSS

Risky, Muhammad Arif Zikir; Yuhandri, Y

doi:10.37034/jsisfotek.v3i4.68

Cited by 2 publications

(5 citation statements)

References 16 publications

(12 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Injeksi SQL dilakukan dengan memodifikasi perintah SQL di formulir masukan aplikasi, memungkinkan penyerang mengirim sintaks ke basis data aplikasi. [8] Hal ini memungkinkan penyerang untuk melihat data yang tidak perlu mereka lihat, seperti data yang dimiliki oleh pengguna lain atau data lain yang dapat diakses oleh aplikasi itu sendiri. Dalam beberapa kasus, pelaku dapat mengubah atau menghapus data dan melakukan perubahan pada konten atau aplikasi.…”

Section: Penetration Testingunclassified

“…Penetration test akan menggunakan url https://db.essajaka.web.id/app/tampilprofil?id=1, ketika mencoba menambahkan karakter (') setelah angka 1, querynya memberikan kesalahan dan ditampilkan di browser. [8] Jika kesalahan seperti itu terjadi, itu tidak akan ditampilkan kepada pengguna. Ini karena ketika terjadi kesalahan dalam query basis data dan ditampilkan di browser, pengguna akan dapat melihat salah satu nama tabel.…”

Section: Gambar 6 Tampilan Dashboard Admin Ketika Berhasil Login Meng...unclassified

“…Contohnya : https://db.essajaka.web.id/app/tampilprofil?id=1%27 +and+0+/*!12345union*/+select+1,2,3,4,make_set( 6,@:=0x0a,(select(1)from(information_schema./**/c olumns)where@:=make_set(511,@,0x3c6c693e,0x 5b20,table_schema,0x205d2d2d3e20,table_name,0x3 a3a,column_name)),@), 6,7,8,9,10,11,12…”

Section: Gambar 6 Tampilan Dashboard Admin Ketika Berhasil Login Meng...mentioning

confidence: 99%

See 2 more Smart Citations

Pengembangan Keamanan Website Menggunakan Teknik Penetration Testing dan DAST (Dynamic Application Security Testing)

Abdillah

Khoriyah

Abqariy

et al. 2022

MJI

View full text Add to dashboard Cite

This article aims to develop a website security system, using Penetration Testing and DAST (Dynamic Application Security Testing) techniques. Solutions to minimize hacking. the author created the noInjection plugin using the test material for the db.essajaka.web.id website. This article was written using the quantitative method by formulating the background, formulating the problem, determining the theoretical basis, formulating hypotheses, and collecting data. The steps taken by the author are through Scope (determining the scope), Reconnaissance (collecting information about the web), Vulnerability Detaction (searching for target security holes), Information Analysis and Planning (testing planning), Penetration Testing (attacks on targets based on analysis and planning) , Security System Development. The primary data sources in this article are several books and journals that are relevant to the theme. The results of this research are website security with the DAST (Dynamic Application Security Testing) technique on the db.essajaka.web.id website, there are two loopholes, namely Cross Side Scripting, and Sql Injection in Penetration testing which uses the Sql Injection technique through entering a character ( ') in the id in the last url and will get an error in the database query which can be seen in the browser application. Evaluation that can be done is to add the noInjection plugin to the website application.

show abstract

Section: Penetration Testingunclassified

Section: Gambar 6 Tampilan Dashboard Admin Ketika Berhasil Login Meng...unclassified

Section: Gambar 6 Tampilan Dashboard Admin Ketika Berhasil Login Meng...mentioning

confidence: 99%

See 1 more Smart Citation

Pengembangan Keamanan Website Menggunakan Teknik Penetration Testing dan DAST (Dynamic Application Security Testing)

Abdillah

Khoriyah

Abqariy

et al. 2022

MJI

View full text Add to dashboard Cite

show abstract

“…Therefore, according to [1], [6], and [7] penetration testing is very necessary to be able to find out the security holes that exist in a system in order to improve a system, including the website system. Penetration testing itself is an activity to evaluate the security of a system.…”

Section: Introductionmentioning

confidence: 99%

“…Research conducted by [8] uses the ISSAF framework to analyze website security, according to him, the ISSAF framework is suitable for doing penetration testing on websites because there are structured guidelines so that testing gets complete and clear directions. While the research conducted by [6] and [9] used the OSSTMM framework as a penetration testing method. The OSSTMM framework is considered better and more thorough in penetration testing because it is comprehensive globally because it does work on the front-end.…”

Section: Introductionmentioning

confidence: 99%

Analysis and Implementation of the ISSAF Framework on OSSTMM on Website Security Vulnerabilities Testing in Polinema

Nabila

Mas’udia

Saptono

2023

Jartel

View full text Add to dashboard Cite

Along with the increasing number of websites circulating on the Internet, the security holes that arise are also increasing. The Electrical Engineering Department's website is no exception, especially on the Electrical Engineering Department's website which has never been audited to scan for security holes on the Electrical Engineering Department's website so the level of reliability of the Electrical Engineering Department's website cannot be known. On this basis, a study entitled "Analysis and Implementation of the ISSAF Framework for OSSTMM in Testing Website Security Gaps at Polynema" will be carried out. In this study, the authors tested security holes on the website at Polinema using the ISSAF and OSSTMM frameworks to scan for security holes on the Electrical Engineering Network website. Then from the test results, recommendations will be given to website managers to overcome existing security holes. Before giving recommendations, the author will try to update website security and re-test the updated website. This is done to prove whether updates made to website security can work effectively in overcoming security holes that were previously found. Based on the research that has been done, it is known that on the Electrical Engineering Department's website there are 21 security holes with 7 of them at medium level when testing for security holes using the ISSAF framework. And there are 17 security holes when testing security holes using the OSSTMM framework. The security holes include 10 open ports, DoS, brute-force, and there are security holes in the library used.

show abstract

Optimalisasi dalam Penetrasi Testing Keamanan Website Menggunakan Teknik SQL Injection dan XSS

Cited by 2 publications

References 16 publications

Pengembangan Keamanan Website Menggunakan Teknik Penetration Testing dan DAST (Dynamic Application Security Testing)

Pengembangan Keamanan Website Menggunakan Teknik Penetration Testing dan DAST (Dynamic Application Security Testing)

Analysis and Implementation of the ISSAF Framework on OSSTMM on Website Security Vulnerabilities Testing in Polinema

Contact Info

Product

Resources

About