Analisis Keamanan Website SMA Negeri 2 Sumbawa Besar Menggunakan Metode Penetration Testing (Pentest)
- Yudi Mulyanto Universitas Teknologi Sumbawa, Sumbawa, Indonesia
-
Mohammad Taufan Asri Zaen
*
STMIK Lombok, Lombok Tengah,
Indonesia
https://orcid.org/0000-0002-9640-1735
- Yuliadi Yuliadi Universitas Teknologi Sumbawa, Sumbawa, Indonesia
- Safwan Sihab Universitas Teknologi Sumbawa, Sumbawa, Indonesia (*) Corresponding Author
Abstract
Website security is becoming a very important aspect along with the increasing volume of data exchanged on the internet. High School 2 Sumbawa Besar provides information on a website, both information for school introductions or information related to schools can be through several media. Some time ago the school's website was attacked by information criminals who caused the appearance of the website to change and steal some important school data. Weak website security systems can be easy targets for cyber criminals. They know various ways to get into the website security system and perform various actions that can harm the organization. Based on the conditions that occurred on the school's website, a research was conducted to analyze the level of security and look for loopholes in the weaknesses of the High School 2 Sumbawa Besar website. In this analysis, researchers tested the school's website using the Penetration Testing method. Test is carried out in several stages, namely Footprinting, Scanning Fingerprinting, Exploit and Reporting. The process of testing the website security of High School 2 Sumbawa Besar found several loopholes that detected 13 sub-file vulnerabilities with low and medium status. Results of this study are the results of security testing in the form of a list of vulnerabilities that can be a recommendation for the school in improving website security.
Downloads
References
R. Rodianto, I. Idham, Y. Yuliadi, M. T. A. Zaen, and W. Ramadhan, “Penerapan Network Development Life Cycle (NDLC) Dalam Pengembangan Jaringan Komputer Pada Badan Pengelolaan Keuangan dan Aset Daerah (BPKAD) Provinsi NTB,” J. Ilm. FIFO, vol. 14, no. 1, p. 35, 2022, doi: 10.22441/fifo.2022.v14i1.004.
J. R. Situmorang, “Pemanfaatan Internet Sebagai New Media Dalam Bidang Politik, Bisnis, Pendidikan dan Sosial Budaya,” J. Adm. Bisnis, vol. 8, no. 1, pp. 77–91, 2012, doi: 10.26593/jab.v8i1.418.
M. Reni Sehaffudin, N. Indrihastuti, and E. Gunawan, “Pengisi Air Minum Otomatis Dengan Gelas Khusus Berbasis Arduino Uno,” Cahaya Bagaskara J. Ilm. Tek. Elektron., vol. 2, no. 1, pp. 17–23, 2017, [Online]. Available: https://journal.trunojoyo.ac.id/jim/article/download/3958/2883
M. H. Ali, “Cyber Crime Menurut Undang-Undang Republik Indonesia Nomor 11 Tahun 2008 tentang Informasi dan Transaksi Elektronik (Perspektif Hukum Pidana Islam),” UIN ALAUDDIN MAKASSAR, 2012. [Online]. Available: http://repositori.uin-alauddin.ac.id/5756/1/Tesis_Moh. Haidar Ali_opt.pdf
F. Fachri, A. Fadlil, and I. Riadi, “Analisis Keamanan Webserver menggunakan Penetration Test,” J. Inform., vol. 8, no. 2, pp. 183–190, 2021, doi: 10.31294/ji.v8i2.10854.
I. Riadi, A. Yudhana, and Y. W, “Analisis Keamanan Website Open Journal System Menggunakan Metode Vulnerability Assessment,” J. Teknol. Inf. dan Ilmu Komput., vol. 7, no. 4, p. 853, 2020, doi: 10.25126/jtiik.2020701928.
I. SMANDA, “Website SMANDA Laman Resmi SMA Negeri 2 Sumbawa Besar,” 2018. https://sman2sumbawabesar.sch.id/ (accessed Jan. 23, 2018).
B. Wicaksono, Y. R. Kusumaningsih, and C. Iswahyudi, “Pengujian Celah Keamanan Aplikasi Berbasis Web Menggunakan Teknik Penetration Testing Dan Dast (Dynamic Application Security Testing),” Jarkom, vol. 8, no. 1, pp. 1–9, 2020, [Online]. Available: http://bagusw.win.
I. G. A. S. Sanjaya, G. M. A. Sasmita, and D. M. S. Arsa, “Evaluasi Keamanan Website Lembaga X Melalui Penetration Testing Menggunakan Framework ISSAF,” J. Ilm. Merpati (Menara Penelit. Akad. Teknol. Informasi), vol. 8, no. 2, p. 113, 2020, doi: 10.24843/jim.2020.v08.i02.p05.
F. Yudha, A. Muhammad, and P. Muryadi, “Perancangan Aplikasi Pengujian Celah Keamanan Pada Aplikasi Berbasis Web,” vol. 1, no. 1, pp. 1–6, 2018, [Online]. Available: https://ejournal.uin-suka.ac.id/saintek/cybersecurity/article/view/1101/1153
Y. Yunanri.W, Doddy Teguh Yuwono, Rodianto and 134Program, “Deteksi Serangan Vulnerability Pada Open Jurnal System Menggunakan Metode Black-Box,” J. Dea Mas, vol. 4, no. 1, pp. 68–77, 2021, [Online]. Available: www.uts.ac.id
Y. C. Ika Yusnita Sari, Muttaqin, Jamaludin, Janner Simarmata, M. Arif Rahman, AKbar Iskandar, ANdrew Fernando Pakpahan, Abdul Karim, Sugianto, Keamanan Data dan Informasi, Cetakan 1. Yayasan Kita Menulis. [Online]. Available: https://www.google.co.id/books/edition/Keamanan_Data_dan_Informasi/WFoMEAAAQBAJ?hl=en&gbpv=1&dq=keamanan+data+dan+informasi&pg=PA96&printsec=frontcover
A. M. Elu, “Rancang Bangun Aplikasi Pendeteksian Vulnerability Structured Query Language (SQL) Injection Untuk Keamanan Website,” J. Teknol. Inf., vol. VII, no. 1, pp. 111–124, 2013, [Online]. Available: https://jti.respati.ac.id/index.php/jurnaljti/article/download/53/46
D. K. Abdul Kholiq, “Analisis Keamanan Wireless Local Area Network (WLAN) Dengan Metode Penetration Testing Execution Standard (PTES) (Studi Kasus : PT. Win Prima Logistik),” 46 J. Ilm. Fak. Tek. LIMIT’S Vol.15, vol. 15, no. 1, pp. 46–55, 2019, [Online]. Available: https://teknik.usni.ac.id/jurnal/ABDUL KHOLIQ.pdf
B. V. Tarigan, A. Kusyanti, and W. Yahya, “Analisis Perbandingan Penetration Testing Tool Untuk Aplikasi Web,” J. Pengemb. Teknol. Inf. dan Ilmu Komput., vol. 1, no. 3, pp. 206–214, 2017, [Online]. Available: http://j-ptiik.ub.ac.id/index.php/j-ptiik/article/download/73/37
F. Y. Fauzan, “Analisis Metode Web Security PTES ( Penetration Testing Execution And Standart ) Pada Aplikasi E-Learning Universitas Negeri Padang dari keamanan web adalah sebanyak 96 dengan disimpulkan Acunetix Threat Level 2 yaitu pada level Medium yang artinya tidak,” J. Vocat. Tek. Elektron. dan Inform., vol. 9, no. 2, 2021, [Online]. Available: http://ejournal.unp.ac.id/index.php/voteknika/article/download/111778/105248
Bila bermanfaat silahkan share artikel ini
Berikan Komentar Anda terhadap artikel Analisis Keamanan Website SMA Negeri 2 Sumbawa Besar Menggunakan Metode Penetration Testing (Pentest)
Pages: 202-209
Copyright (c) 2022 Yudi Mulyanto, Mohammad Taufan Asri Zaen, Yuliadi Yuliadi, Safwan Sihab
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under Creative Commons Attribution 4.0 International License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (Refer to The Effect of Open Access).
