Article Per Year (5 Year)
p-Index From 2021 - 2026
0.23
P-Index
This Author published in this journals
All Journal KARMAPATI (Kumpulan Artikel Mahasiswa Pendidikan Teknik Informatika) ISSN: 2252-9063
Nabila Aulia Azizah
Universitas Pendidikan Ganesha
Computer Science & IT Education

Published : 1 Documents Claim Missing Document
Claim Missing Document
Check
Articles

Found 1 Documents
Search

 1 
Penetration Testing for Cross-Site Scripting (XSS) Detection Using Penetration Testing Execution Standard (PTES) Methodology: A Case Study of Information Systems in Institution X Nabila Aulia Azizah; Gede Arna Jude Saskara; Gede Saindra Santyadiputra
KARMAPATI (Kumpulan Artikel Mahasiswa Pendidikan Teknik Informatika) Vol. 15 No. 2 (2026): [ONGOING] Karmapati Vol 15 No 2 Tahun 2026
Publisher : Universitas Pendidikan Ganesha

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.23887/karmapati.v15i2.114689

Abstract

Web-based information systems in educational institutions store and process sensitive data, turning them into a perfect target for cybercriminals, particularly Cross-Site Scripting (XSS). This research aims to identify and evaluate XSS vulnerabilities across twelve web-based information systems at Institution X using Penetration Testing Execution Standard (PTES) methodology, combined with grey-box technique and black-box technique, and OWASP Risk Rating Methodology to assess the risk of the vulnerabilities. The testing was conducted by the researcher as an insider tester with student-level access, applying black-box testing for systems inaccessible to students and grey-box testing for systems accessible to students. The combination of automated tools including passive reconnaissance, active reconnaissance and manual testing was employed to minimize false positive and validated the vulnerabilities. The total of eleven XSS vulnerabilities across the twelve tested systems, consist of five Reflected XSS and six Stored XSS. No DOM-Based XSS vulnerabilities were confirmed across all the tested systems. All of identified vulnerabilities were assessed as medium risk based on the OWASP Risk Rating Methodology. These findings demonstrate that XSS vulnerabilities are still present within the educational institution environment indicates that secure input handling was inconsistently implemented across systems. The result highlights the importance of adopting remediation to secure coding practices, implementing proper input sanitization, output encoding, securing HTTP Headers, and Content Security Policy (CSP), as well as conducting regular security assessment to strengthen the overall security posture in an information system within educational institution.
Co-Authors Gede Arna Jude Saskara Gede Saindra Santyadiputra