Article Per Year (5 Year)
p-Index From 2020 - 2025
0.817
P-Index
This Author published in this journals
All Journal Edu Komputika Journal Teknika Jurnal Pelita Pengabdian
Sunaringtyas, Septia Ulfa
Unknown Affiliation
Religion Aerospace Engineering Agriculture, Biological Sciences & Forestry Humanities Astronomy Civil Engineering, Building, Construction & Architecture Computer Science & IT Education Electrical & Electronics Engineering Engineering

Published : 4 Documents Claim Missing Document
Claim Missing Document
Check
Articles

Found 4 Documents
Search

 1 
Implementasi Penetration Testing Execution Standard Untuk Uji Penetrasi Pada Layanan Single Sign-On Sunaringtyas, Septia Ulfa; Prayoga, Djodi Surya
Edu Komputika Journal Vol 8 No 1 (2021): Edu Komputika Journal
Publisher : Jurusan Teknik Elektro Universitas Negeri Semarang

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.15294/edukomputika.v8i1.47179

Abstract

Increasing the use of single sign-on technology by electronic-based service providers in addition to providing benefits also creates vulnerability. Penetration testing needed to identify vulnerabilities and test system security by exploiting those vulnerabilities. This research implements the Penetration Testing Execution Standard (PTES) for penetration testing of single singn-on services. Seven stages of the penetration test had done and 12 vulnerabilities were identified, consisting of 3 medium vulnerabilities, 6 low vulnerabilities and 3 information vulnerabilities. Six cyberattacks have been carried out to exploit the vulnerability with the result of 3 successful attacks and 3 failed attacks. Based on the results of the vulnerability and exploitation analysis, recommendations are given consist of regular updating and patching efforts, configuration of the CSP header and content-type-option header on the web server and application server, validation of the host header configuration, x-content-type-options header and deactivation. x-forwarded- hosted on every web page, configure 'secure' flag on cookies, add metacharacter filter feature in source code, and limit login attempts. The results of the PTES’s implementation are proven to make it easier for testers to carry out penetration tests and effectively prevent disputes between testers and clients due to differences in the scope of testing.
Implementasi Penetration Testing Execution Standard Untuk Uji Penetrasi Pada Layanan Single Sign-On Sunaringtyas, Septia Ulfa; Prayoga, Djodi Surya
Edu Komputika Journal Vol 8 No 1 (2021): Edu Komputika Journal
Publisher : Jurusan Teknik Elektro Universitas Negeri Semarang

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.15294/edukomputika.v8i1.47179

Abstract

Increasing the use of single sign-on technology by electronic-based service providers in addition to providing benefits also creates vulnerability. Penetration testing needed to identify vulnerabilities and test system security by exploiting those vulnerabilities. This research implements the Penetration Testing Execution Standard (PTES) for penetration testing of single singn-on services. Seven stages of the penetration test had done and 12 vulnerabilities were identified, consisting of 3 medium vulnerabilities, 6 low vulnerabilities and 3 information vulnerabilities. Six cyberattacks have been carried out to exploit the vulnerability with the result of 3 successful attacks and 3 failed attacks. Based on the results of the vulnerability and exploitation analysis, recommendations are given consist of regular updating and patching efforts, configuration of the CSP header and content-type-option header on the web server and application server, validation of the host header configuration, x-content-type-options header and deactivation. x-forwarded- hosted on every web page, configure 'secure' flag on cookies, add metacharacter filter feature in source code, and limit login attempts. The results of the PTES’s implementation are proven to make it easier for testers to carry out penetration tests and effectively prevent disputes between testers and clients due to differences in the scope of testing.
Cyberaksi 3.0 Empowering Cybersecurity Skill Arizal; Amiruddin; Priambodo, Dimas Febriyan; Sidabutar, Jeckson; Hikmah, Ira Rosianal; Sunaringtyas, Septia Ulfa; Yulita, Tiyas
Jurnal Pelita Pengabdian Vol. 2 No. 2 (2024): Juli 2024
Publisher : DPPM Universitas Pelita Bangsa

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.37366/jpp.v2i2.4870

Abstract

Kesadartahuan terhadap keamanan siber menjadi salah satu hal yang perlu dimiliki oleh masyarakat seiring dengan perkembangan teknologi yang semakin pesat. Salah satunya pemanfaatan teknologi jaringan 5G selain meningkatkan kualitas layanan berbasis internet, juga memberikan ancaman baru yang patut diwaspadai. Program kesadartahuan dilaksanakan untuk meningkatkan pengetahuan dan kepedulian masyarakat terkait pemanfaatan teknologi 5G, berbagai ancaman keamanan siber yang muncul akibat adanya teknologi ini serta rekomendasi aksi yang bisa dilaksakan untuk memitigasi risiko yang muncul. Program pengabdian masyarakat ini disampaikan dalam bentuk webinar dilengkapi dengan workshop Capture The Flag untuk meningkatkan kemampuan peserta mengidentifikasi kerawanan. Dari hasil analisis pretest-posttest sejumlah 544 peserta, dinyatakan bahwa program kesadartahuan Cyberaksi 3.0 dengan tema empowering cybersecurity skill efektif meningkatkan pengetahuan peserta dengan nilai t_((0,025;107))=1,98.
Security Testing of XYZ Website Application Using ISSAF and OWASP WSTG v4.2 Methods Yusuf, Muhammad Firdaus; Hikmah, Ira Rosianal; Amiruddin; Sunaringtyas, Septia Ulfa
Teknika Vol. 14 No. 1 (2025): March 2025
Publisher : Center for Research and Community Service, Institut Informatika Indonesia (IKADO) Surabaya

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.34148/teknika.v14i1.1156

Abstract

The research focuses on improving the security of information systems in ABC City, specifically on the XYZ website application developed by the Communication and Informatics Office ABC to assist in governmental administration and manage various critical data. This study is motivated by the high incidence of cybersecurity threats in the governmental administration sector, as reported by Badan Siber dan Sandi Negara in November 2023. The primary objective of this research is to identify security vulnerabilities within the XYZ website application. The research employs the Information Systems Security Assessment Framework (ISSAF) as the primary security testing framework and the OWASP Web Security Testing Guide (WSTG) version 4.2 as the guide for the penetration testing phase, one of the stages in ISSAF for validating vulnerabilities. Validated vulnerabilities are further assessed for severity using the OWASP Risk Rating guidelines to estimate the risk and impact of potential attacks on the Communication and Informatics Office ABC. The research methodology uses a black-box testing approach. To ensure a structured approach, it provides security recommendations using the SMAACT method. This research includes a report on the identified vulnerabilities and recommendations that the Communication and Informatics Office ABC can implement to address these vulnerabilities. The findings of this study are expected to provide insights into existing security vulnerabilities within the website application and practical recommendations for improvement, benefiting both the practical context of enhancing information security at the Communication and Informatics Office ABC and the theoretical context as a reference for similar future research.
Co-Authors Amiruddin Dimas Febriyan Priambodo Ira Rosianal Hikmah Jeckson Sidabutar Prayoga, Djodi Surya Tiyas Yulita Yusuf, Muhammad Firdaus