Penetration Testing of the Position Information System (Sistem Informasi Jabatan) at Universitas Hayam Wuruk Perbanas
DOI: https://doi.org/10.22441/incomtech.v12i2.15093
Abstract
Server-side security is one of the measures for preventing system break-ins by irresponsible parties. System administrators can take preventive action to protect user information by first carrying out testing. Universitas Hayam Wuruk Perbanas stores data belonging to position holders, such as student, financial, quality assurance and other data, because it is part of the continuity of the university's business processes. This data is therefore important. Potential attack threats include Cross Site Scripting (XSS), Denial of Service, SQL Injection and others. Testing was therefore carried out to identify the weaknesses of the jabatan (position) domain. The system's managers wanted the testing to focus on the software, and the only initial information provided was the domain address, so the testing used a black-box method. The strength of this method is its focus on testing software quality, for example finding errors in data structures and system functions. Testing was carried out with several tools, such as NMAP and Acunetix. The results revealed several security holes in the system, such as an XSS flaw that can alter the page's appearance. In addition, a shell backdoor could still be uploaded through a form using a pdf extension. The jabatan domain also does not yet have an SSL certificate, so data traffic can be read. These findings serve as input for the system's managers so that fixes can be made. Future research could use a white-box method, which lets testers examine, more deeply and thoroughly, the stages that were not reached with the black-box method.
License
The copyright to this article is transferred to Universitas Mercu Buana (UMB) if and when the article is accepted for publication. The undersigned hereby transfers any and all rights in and to the paper including without limitation all copyrights to UMB. The undersigned hereby represents and warrants that the paper is original and that he/she is the author of the paper, except for material that is clearly identified as to its original source, with permission notices from the copyright owners where required. The undersigned represents that he/she has the power and authority to make and execute this assignment.
We declare that:
1. This paper has not been published in the same form elsewhere.
2. It will not be submitted anywhere else for publication prior to acceptance/rejection by this Journal.
3. A copyright permission is obtained for materials published elsewhere and which require this permission for reproduction.
Furthermore, I/We hereby transfer the unlimited rights of publication of the above mentioned paper in whole to UMB. The copyright transfer covers the exclusive right to reproduce and distribute the article, including reprints, translations, photographic reproductions, microform, electronic form (offline, online) or any other reproductions of similar nature.
The corresponding author signs for and accepts responsibility for releasing this material on behalf of any and all co-authors. This agreement is to be signed by at least one of the authors who have obtained the assent of the co-author(s) where applicable. After submission of this agreement signed by the corresponding author, changes of authorship or in the order of the authors listed will not be accepted.
Retained Rights/Terms and Conditions
1. Authors retain all proprietary rights in any process, procedure, or article of manufacture described in the Work.
2. Authors may reproduce or authorize others to reproduce the Work or derivative works for the authors' personal use or for company use, provided that the source and the UMB copyright notice are indicated, the copies are not used in any way that implies UMB endorsement of a product or service of any employer, and the copies themselves are not offered for sale.
3. Although authors are permitted to re-use all or portions of the Work in other works, this does not include granting third-party requests for reprinting, republishing, or other types of re-use.










