Rona Febriana
Unknown Affiliation

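Blackbox Testing of the Karawang Employee Attendance Information System Using the OWASP Top 10 Attack Method (original title: Blackbox Testing Sistem Informasi Absensi Pegawai Karawang Dengan Metode Top 10 Owasp Attack)
Rona Febriana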
Jurnal Ilmiah Wahana Pendidikan Vol 8 No 12 (2022): Jurnal Ilmiah Wahana Pendidikan
Publisher : Peneliti.net

DOI: 10.5281/zenodo.6945632

Abstract

Website-based applications have recently come into wide use by the public. As a result, data leaks from website-based applications are increasingly common. In 2021 alone there were several cases, such as BPJS Kesehatan, which experienced a population data leak of 279 million. Data leaks can occur due to various factors, such as human error or company staff's lack of knowledge about data privacy. Another factor is malicious software, usually called malware: software that is inserted into a system to damage it and steal important data. Inserting malware into a system manually is very difficult, so malware is usually introduced over the internet. In this study, the methodology used is Penetration Testing from OWASP with a specific method, namely the Penetration Testing Execution Standard (PTES), which was adapted from a group of information security practitioners. After testing the Employee Attendance Information System for vulnerabilities using the OWASP Top 10 (2021) method, 3 categories of vulnerabilities were found: Identification and Authentication Failures with medium severity, Insecure Design with low severity, and Security Misconfiguration with critical severity. It is recommended that future work use attack techniques other than the available applications/tools (open source/official tools), namely social engineering, email spamming, etc.