Monas Tarigan
Nusamandiri University

Published: 1 document
Articles


SECURITY ANALYSIS OF PAYROLL SYSTEM USING THE PENETRATION TESTING EXECUTION STANDARD (PTES) AND OWASP TOP 10 2021
Monas Tarigan
Jurnal Pilar Nusa Mandiri Vol. 22 No. 1 (2026): Pilar Nusa Mandiri : Journal of Computing and Information System Publishing Pe
Publisher : LPPM Universitas Nusa Mandiri

DOI: 10.33480/pilar.v22i1.8267

Abstract

The payroll system plays a critical role in human resource management as it processes and stores sensitive employee data, including personal identity, salary information, financial records, and employment history. The increasing reliance on web-based applications has significantly improved operational efficiency; however, it also increases exposure to cybersecurity threats when security controls are not optimally implemented. This study aims to analyze security vulnerabilities in the payroll system of PT. Vidira Eshan Abadi using the Penetration Testing Execution Standard (PTES) methodology, with OWASP Top 10 2021 used as a vulnerability classification framework. The research stages include pre-engagement interactions, reconnaissance, scanning, enumeration, exploitation, post-exploitation analysis, and reporting. Security testing was conducted using tools such as Nuclei, Gobuster, Dirsearch, Burp Suite, and SQLMap. The results indicate the presence of several vulnerabilities with low to high severity levels, including security misconfiguration, absence of authentication rate limiting, potential SQL injection, and stored Cross-Site Scripting (XSS) vulnerabilities across multiple system modules. This study recommends implementing strict input validation mechanisms, consistent output encoding, improved server configuration, and enhanced authentication protection to strengthen the security posture of the payroll system.