Applied Information Technology and Computer Science (AICOMS)
Vol 4 No 2 (2025)

Application of Penetration Testing to the EasyCart System in Facing Cyber Security Threats

Fahrul Reza, Mochamad (Unknown)
Sutanto, Imam (Unknown)

Article Info

Publish Date
13 Nov 2025

Abstract

Information security in e-commerce applications is a crucial aspect of maintaining the integrity, confidentiality, and availability of user data. The method used is penetration testing with black-box and grey-box approaches, referring to the Penetration Testing Execution Standard (PTES) and the OWASP Top 10 (2021) framework. The testing was conducted through the seven PTES phases: Pre-engagement Interactions, Intelligence Gathering, Threat Modeling, Vulnerability Analysis, Exploitation, Post-Exploitation, and Reporting. The testing environment was run locally using tools such as Burp Suite, OWASP ZAP, Nikto, SQLMap, and Nmap. The testing identified 20 vulnerabilities at high, medium, and low risk levels, including Cross-Site Scripting (XSS), SQL Injection, Broken Access Control, and Security Misconfiguration. Mitigation recommendations are based on ISO/IEC 27001:2022 controls, specifically Annex A.5 (information security policy), A.8 (asset management), and A.12 (operational security). This research contributes to the understanding and application of standards-based security testing in simulation applications, while emphasizing the importance of input validation, secure system configuration, and regular updates as mitigation measures against cyber threats.

Copyrights © 2025

Journal Info

Abbrev

aicoms

Publisher

Subject

Computer Science & IT

Description

Applied Information Technology and Computer Science (AICOMS) is an online version of national journal in Bahasa Indonesia and English, published by Department of Informatics Engineering, Politeknik Negeri Ketapang. AICOMS also has a print version. AICOMS also invites academics and researchers in the ...