Website security analysis using penetration testing method
Abstract
Website security is one of the main focuses in information system management, especially with the increasing cyber threats that can damage the integrity and confidentiality of data. One way to identify security gaps is penetration testing, which is widely carried out with automated tools to improve efficiency and accuracy. In this study, identifying potential vulnerabilities such as SQL injection, Cross-Site Scripting (XSS), and configuration failures involved applying automated tools in several website tests, and the test results were then analyzed to determine potential security risks. The study found vulnerabilities in the form of Application Error Disclosure, Content Security Policy (CSP), hidden files found, servers leaking information via the X-Powered-By header, servers leaking version information via the Server header, missing X-Content-Type-Options headers, and User Agent Fuzzer. These findings contribute to efforts to improve the quality of automated security testing, as well as to optimizing potential threat mitigation actions. The recommended actions are to evaluate and disable components that are not needed in production, disable or restrict the “X-Powered-By” and “Server” headers, check for different responses based on User Agent, and use the HTTPS protocol throughout the application to improve its security.
Article Details

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.