<![CDATA[Website security is one of the main focuses in information system management, especially with the increasing cyber threats that can damage the integrity and confidentiality of data. One way to identify security gaps through penetration testing is widely used using automated tools to improve efficiency and accuracy. Identifying potential vulnerabilities such as SQL injection, Cross-Site Scripting (XSS), and configuration failures in This study involved implementing automated tools on several website tests, where the test results were then analyzed to determine potential security risks. The study found vulnerabilities in the form of Application Error Disclosure, Content Security Policy (CSP), hidden files found, servers leaking information via x-power-by, servers leaking version information via the server, x-content-type-options headers missing, and user agent fuzzier These findings contribute to efforts to improve the quality of automated security testing, as well as optimizing potential threat mitigation actions. Evaluate and disable components that are not needed in production, Disable or restrict closing the “X-Powered-By” and “Server” headers, Check for different responses based on User Agent, and use the HTTPS protocol throughout the application to improve its security]]>
Copyrights © 2025
