Developing Website Security Using Penetration Testing and DAST (Dynamic Application Security Testing) Techniques
Authors
Abstract
This article aims to develop a website security system using Penetration Testing and DAST (Dynamic Application Security Testing) techniques. As a solution for minimizing hacking, the author created the noInjection plugin, with the website db.essajaka.web.id as the test subject. It was written using a qualitative method, with data collected through observation, interviews and literature study. The steps carried out were Scope (determining the scope), Reconnaissance (gathering information about the website), Vulnerability Detection (searching for weaknesses in the target), Information Analysis and Planning (planning the tests), (attacking the target based on the planning analysis), and Security System Development. The primary sources of the article are several books and journals relevant to the theme. The result of the research with the (Dynamic Application Testing) technique on db.essajaka.web.id is that there are two vulnerabilities, namely Cross-Site Scripting and SQL Injection. The testing technique of inserting a (') character into the id at the end of the URL produces a database query error that can be seen in the browser application. The evaluation adds website.
Similar resources
Penetration Testing for Libyan Government Website
ABSTRACT: The study explores the security issues in the Libyan Government websites focusing on assessing the vulnerability and security weaknesses of various websites of the Libyan Government ministries. The study is divided into three stages. In the first stage, literature review was conducted to understand the nature of the problem. Data were collected in the second and third stage of study. ...
Optimal Information Security Investment with Penetration Testing
Penetration testing, the deliberate search for potential vulnerabilities in a system by using attack techniques, is a relevant tool of information security practitioners. This paper adds penetration testing to the realm of information security investment. Penetration testing is modeled as an information gathering option to reduce uncertainty in a discrete time, finite horizon, player-versus-nat...
Penetration Testing: A Roadmap to Network Security
Network penetration testing identifies the exploits and vulnerabilities that exist within computer network infrastructure and helps to confirm the security measures. The objective of this paper is to explain the methodology and methods behind penetration testing and illustrate remedies over it, which will provide substantial value for network security. Penetration testing should model r...
Security testing of session initiation protocol implementations
The mechanisms which enable the vast majority of computer attacks are based on design and programming errors in networked applications. The growing use of voice over IP (VOIP) phone technology makes these phone applications potential targets. We present a tool to perform security testing of VOIP applications to identify security vulnerabilities which can be exploited by an attacker. Session Ini...
Penetration Testing
The TCB shall be found resistant to penetration. Near flawless penetration testing is a requirement for high-rated secure systems — those rated above B1 based on the Trusted Computer System Evaluation Criteria (TCSEC) and its Trusted Network and Database Interpretations (TNI and TDI). Unlike security functional testing, which demonstrates correct behavior of the product's advertised security co...
Journal
Journal title: Media jurnal informatika
Year: 2022
ISSN: 2477-2542
DOI: https://doi.org/10.35194/mji.v14i2.2546