Jurnal Ilmiah Teknologi dan Komputer (JITTER)
Vol 1 No 2 (2020): JITTER, Vol.1, No.2, December 2020

Evaluation Security Web-Based Information System Application Using ISSAF Framework (Case Study: SIMAK-NG Udayana University)

Handayani, Ni Kade Mega (Unknown)
Arya Sasmita, Gusti Made (Unknown)
Wiranath, Anak Agung Ketut Agung Cahyawan (Unknown)



Article Info

Publish Date
05 Nov 2020

Abstract

Education is one of the fields that utilize information technology to support both academic and operational activities. The technology most widely used in education is based on web applications. Web-based technology has weaknesses that can be exploited by attackers, so web-based systems need a good security guarantee to provide a sense of security for their users. Udayana University, as an educational organization, also uses a web-based application known as SIMAK-NG. As a web-based system, SIMAK-NG needs a security test. The security test is carried out as a penetration test using the ISSAF framework. The penetration test based on the ISSAF framework consists of 9 stages, including information gathering, network mapping, vulnerability identification, penetration, gaining access and privilege escalation, enumerating further, maintaining access and covering tracks. The results of SIMAK-NG penetration testing at the gap identification stage found several system vulnerabilities. The final results of testing at all stages of ISSAF at SIMAK-NG only found 11 vulnerabilities, including 3 medium-level vulnerabilities, 6 low-level vulnerabilities and 2 informational-level vulnerabilities. Vulnerabilities that were successfully tested are given recommendations for fixes to close them, so that no more vulnerabilities can be used by an attacker.

Copyrights © 2020






Journal Info

Abbrev

jitter

Subject

Computer Science & IT

Description

The journal publishes work from all disciplinary, theoretical and methodological perspectives. It is designed to be read by researchers, scholars, teachers and advanced students in the fields of Information Systems and Information Science, as well as IT developers, consultants, software vendors, and ...