Websites are dynamic platforms that undergo regular updates and continuous use. Consequently, the methods used to attack websites evolve alongside the security measures built into them, targeting both the website itself and its users. Website systems and features must therefore remain prepared for future attacks at all times, which requires penetration testing to be carried out consistently in order to keep pace with security standards. This research aims to demonstrate the variety of vulnerabilities that penetration testing can uncover and to derive recommendations for what to improve within a website. It involved black-box penetration testing of a computerized psychological testing website developed by PT Dwi Purwa Teknologi, hereinafter referred to as the client. The testing simulated attacks by an outside party unfamiliar with the website's structure and focused on seven attack vectors: SQL injection, RCE, URL manipulation, CSRF, SSRF, XSS, and Broken Authentication and Session. The vulnerabilities found stemmed from poorly sanitized input forms, which created SQL injection and RCE risks; inadequate input validation, which enabled cross-site scripting attacks; and missing CSRF tokens, which exposed the website to CSRF threats. The research underscores the importance of penetration testing for identifying and addressing security weaknesses, enabling the client to harden the website against potential cyber threats.
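Two of the input-handling gaps the abstract reports, a missing CSRF token and unsanitized form input reaching the database, are closed in the form handler below. This is an added illustration in Python, not the client's code or anything from the study: the in-memory SQLite table, the dictionary session store, the table and field names and the handler are all constructed assumptions.

```python
import hmac
import secrets
import sqlite3

# Constructed stand-in for a server-side session store keyed by session id.
SESSIONS = {}


def issue_csrf_token(session_id):
    """Create a random per-session token and remember it server-side.
    The token is embedded in the form as a hidden field; a page on another
    origin cannot read it, so a forged request will not carry a matching value."""
    token = secrets.token_urlsafe(32)
    SESSIONS.setdefault(session_id, {})["csrf"] = token
    return token


def verify_csrf_token(session_id, submitted):
    """Reject a submission whose token is absent or differs from the stored one.
    compare_digest keeps the comparison constant-time."""
    expected = SESSIONS.get(session_id, {}).get("csrf")
    if expected is None or submitted is None:
        return False
    return hmac.compare_digest(expected, submitted)


def setup_db():
    """Constructed sample table standing in for test-taker records (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE participants (username TEXT, score INTEGER)")
    conn.executemany("INSERT INTO participants VALUES (?, ?)",
                     [("alice", 71), ("bob", 64)])
    return conn


def lookup_score(conn, username):
    """Parameterised query: the username is bound as data, never spliced into SQL,
    so quotes or SQL keywords in the input are matched literally, not executed."""
    row = conn.execute("SELECT score FROM participants WHERE username = ?",
                       (username,)).fetchone()
    return row[0] if row else None


def handle_submit(conn, session_id, form):
    """Hardened form handler: CSRF check first, then a bound query for the lookup."""
    if not verify_csrf_token(session_id, form.get("csrf_token")):
        return {"status": 403, "error": "invalid or missing CSRF token"}
    return {"status": 200, "score": lookup_score(conn, form.get("username", ""))}
```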
Copyright © 2024