Claim Missing Document
Check
Articles

Found 1 Documents
Search

Vulnerabilities assessment of a web-based human resources management system using a penetration testing approach (hrms.tic.gov.tl) Idalia Francisca Viegas; Kadek Yota Ernanda Aryanto; I Ketut Resika Arthana
Priviet Social Sciences Journal Vol. 6 No. 5 (2026): May 2026
Publisher : Privietlab

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.55942/pssj.v6i5.1801

Abstract

This study presents mini penetration testing assessment conducted on the Human Resource Management System (HRMS) hosted at https://hrms.tic.gov.tl.  This assessment aims to evaluate the security level of the system by considering the aspects of Confidentiality, Integrity, and Availability (CIA) through several processes, including reconnaissance, vulnerability scanning, and security configuration analysis. The assessment process was conducted using various automated security tools such as Nuclei, Nmap, Subfinder, and Acunetix to identify potential security weaknesses within the web application environment. The testing activities were conducted on November 2025 using passive and semi-active approaches without exploitation activities, in accordance with ethical considerations, organizational authorization, and operational security boundaries. The assessment identified several Low and Informational findings related to missing security headers, insecure cookie configurations, and weak client-side security settings. Although no High or Critical vulnerabilities were identified, the findings should not be interpreted as evidence that the system is fully secure because the assessment scope did not include exploitation or internal infrastructure testing. The results indicate that additional hardening, preventive controls, and continuous security governance mechanisms are still necessary to strengthen the overall security posture of the HRMS environment. Recommendations based on ISO/IEC 27001, Zero Trust principles, and Web Application Firewall protection are proposed to improve organizational cybersecurity resilience.