Penetration Testing Through NIST SP 800-115 and OWASP TOP 10 With Risk Analysis Using CVSS on the XY Diskominfo Website
Authors: Ilham Akbar; Khairunnisak Nur Isnaini; Banu Dwi Putranto
Journal of Innovation Information Technology and Application (JINITA) Vol 7 No 2 (2025): JINITA, December 2025
Publisher : Politeknik Negeri Cilacap

DOI: 10.35970/jinita.v7i2.2907

Abstract

Websites are now widely used in many sectors, including government, and government websites are frequent targets of attacks. The XY Regency Communication and Information Agency suffered a website breach in 2023 that affected one of its subdomains, e-office.xy-regency.go.id, which stored employee data. The breach resulted in the leakage of sensitive data, user account takeovers, service disruptions, and a decline in public trust. The purpose of this study was to identify and test the vulnerabilities of the e-office.xy-regency.go.id website using the NIST SP 800-115 method, which comprises the planning, discovery, attack, and reporting phases. Vulnerabilities were classified using the Common Vulnerability Scoring System (CVSS) and the OWASP Top 10 standard. The study identified two high-level vulnerabilities: Cross-Site Scripting (XSS) with a CVSS score of 8.2, classified as High severity, and Cross-Site Request Forgery (CSRF) with a CVSS score of 9.3, classified as Critical severity. These vulnerabilities could allow attackers to execute malicious scripts and perform actions on behalf of users without their knowledge. Recommendations include implementing input validation on text boxes by restricting input to letters or combinations of letters and numbers, and ensuring that every form and endpoint that handles sensitive data is protected with unique, unpredictable CSRF tokens. Future research should focus on analyzing domain vulnerabilities, identifying the origin and potential of attacks, and developing effective protection and recovery strategies.