SIMPELMAS was a web-based information system used by the LP2M of XYZ University to manage research and community service data. A hacking incident on the simpelmas.universitas-xyz.ac.id subdomain indicated security vulnerabilities that needed further investigation. This research aimed to analyse the vulnerability level of the subdomain using a penetration testing approach based on the Open Web Application Security Project (OWASP) Top 10 2021 edition standards. A black-box testing method was implemented through data collection, vulnerability scanning, exploitation testing, and report preparation stages, utilising OWASP ZAP, Burp Suite, and SQLMap tools. The results revealed two principal vulnerabilities: Security Misconfiguration, in the form of APP_DEBUG left active on the production server, and Identification and Authentication Failures, due to the absence of login attempt restrictions (rate limiting). This research provides technical recommendations for mitigation and can serve as a reference for security improvements in similar information systems within academic environments.
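As an added illustration of the two mitigations the abstract recommends (example code, not from the paper or from SIMPELMAS itself), assuming the application is a Laravel project, since APP_DEBUG is Laravel's verbose-error switch: turn debug output off in the production .env and attach a per-account, per-IP throttle to the login route. The limiter name `login`, the five-attempts-per-minute limit, the `username` field and the `LoginController` class are assumed, not taken from the page.

```php
<?php
// Added example, not code from the paper or SIMPELMAS. Assumes a Laravel
// application, since APP_DEBUG is Laravel's switch for verbose error pages.
//
// 1) Security Misconfiguration: a production .env must not expose stack
//    traces, environment variables or database credentials on error pages.
//
//    .env (production)           -- constructed example, not the real file
//    APP_ENV=production
//    APP_DEBUG=false             -- the finding was APP_DEBUG=true in production
//
// 2) Identification and Authentication Failures: throttle login attempts.
//    File: app/Providers/RouteServiceProvider.php

namespace App\Providers;

use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Foundation\Support\Providers\RouteServiceProvider as ServiceProvider;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\Facades\Route;

class RouteServiceProvider extends ServiceProvider
{
    public function boot(): void
    {
        // Key the limit on the submitted username AND the client IP, so one
        // client cannot hammer a single account and one IP cannot spray many.
        // Five attempts per minute is an assumed value; tune it to the user base.
        RateLimiter::for('login', function (Request $request) {
            $key = strtolower((string) $request->input('username')) . '|' . $request->ip();

            return Limit::perMinute(5)->by($key)->response(function () {
                // Generic message: do not reveal whether the account exists.
                return response()->json(['message' => 'Too many login attempts.'], 429);
            });
        });

        $this->routes(function () {
            Route::middleware('web')->group(function () {
                // The named limiter is applied only to the login endpoint;
                // the controller class is an assumed name.
                Route::post('/login', [\App\Http\Controllers\Auth\LoginController::class, 'login'])
                    ->middleware('throttle:login');
            });
        });
    }
}
```

Throttled requests receive HTTP 429 with a `Retry-After` header, which also gives the SOC a clean signal to alert on repeated 429s from the login endpoint.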