Articles

Uncovering Hidden Security Risks in Government Web Portals Using Penetration Testing and Attack Modeling
Salsabila, Belia Putri; Endah Wahanani, Henni; Junaidi, Achmad
bit-Tech Vol. 8 No. 3 (2026): bit-Tech
Publisher : Komunitas Dosen Indonesia

DOI: 10.32877/bt.v8i3.3776

Abstract

Government web portals that consolidate public services and process personally identifiable data are prime targets for cyber adversaries. However, many existing assessments rely on single-framework methodologies that provide limited adversarial context and insufficient prioritization guidance. This study evaluates the security posture of System X, a public-facing government portal in Indonesia, using a grey-box penetration testing approach that integrates OWASP Top 10:2021, CVSS v3.1, and MITRE ATT&CK. Automated scanning using OWASP ZAP and Nessus identified 12 potential vulnerabilities, which were subsequently validated through manual testing using Burp Suite, cURL, SQLmap, and browser developer tools. The validation process confirmed nine True Positives and three False Positives, resulting in a 25% false positive rate, consistent with prior studies on government web applications. The identified vulnerabilities fall within Broken Access Control, Security Misconfiguration, and Identification and Authentication Failures, with CVSS Base Scores ranging from 4.2 to 6.1. Unlike traditional severity-based assessments, the integration of MITRE ATT&CK enables adversarial behavior mapping and reveals dependency relationships between vulnerabilities. For example, a single Content Security Policy (CSP) misconfiguration was found to enable multiple attack techniques (T1059.007), demonstrating that addressing one root cause can mitigate several related vulnerabilities simultaneously. This integrated approach enhances vulnerability prioritization by providing both severity and attacker-context insights, offering more actionable remediation strategies compared to single-framework methods. The findings contribute to improving practical security assessment methodologies for government systems and support evidence-based cybersecurity decision-making.