Websites are now used across many sectors, including government, and government websites are frequent targets of attack. In 2023 the XY Regency Communication and Information Agency suffered a breach of one of its subdomains, e-office.xy-regency.go.id, which stored employee data. The incident resulted in the leakage of sensitive data, user account takeovers, service disruption, and a loss of public trust. The purpose of this study was to identify and test vulnerabilities in the e-office.xy-regency.go.id website using the NIST SP 800-115 method, which comprises the planning, discovery, attack, and reporting phases. Findings were scored with the Common Vulnerability Scoring System (CVSS) and categorised against the OWASP Top 10. The study identified two significant vulnerabilities: Cross-Site Scripting (XSS), with a CVSS score of 8.2 (High), and Cross-Site Request Forgery (CSRF), with a CVSS score of 9.3 (Critical). An attacker could use the XSS flaw to execute malicious scripts in a victim's browser and the CSRF flaw to make authenticated users submit requests without their knowledge. Recommendations include validating input on text fields by restricting them to letters or combinations of letters and digits (an allow-list that should be paired with context-appropriate output encoding, since validation alone cannot protect fields that must accept other characters), and protecting every form and endpoint that handles sensitive data with unique, unpredictable CSRF tokens that the server verifies on each state-changing request. Future work should extend the analysis to the agency's other domains, identify the origin and potential impact of attacks, and develop effective protection and recovery strategies.
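The two recommendations above, an allow-list on a text field plus output encoding for the XSS finding and a per-session, unpredictable token for the CSRF finding, can be illustrated in a few lines of server-side code. The following is an added example and not code from the study or from the e-office application, whose stack the abstract does not describe; the in-memory session store, the field names `name` and `csrf_token`, and the 64-character limit are assumptions made for the illustration.

```python
import html
import hmac
import re
import secrets

# Hypothetical in-memory session store: session id -> session data.
# Constructed for this example; a real deployment would use the
# application's own session backend.
SESSIONS = {}


def new_session():
    """Create a session and bind a fresh, unpredictable CSRF token to it."""
    sid = secrets.token_urlsafe(32)
    # secrets.* draws from the OS CSPRNG, so the token cannot be guessed
    # by a cross-site attacker who never sees the victim's page.
    SESSIONS[sid] = {"csrf_token": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid):
    """Token the server embeds in its own forms (hidden field) for this session."""
    return SESSIONS[sid]["csrf_token"]


def verify_csrf(sid, submitted):
    """Synchronizer-token check: the submitted token must equal the session's token."""
    expected = SESSIONS.get(sid, {}).get("csrf_token")
    if expected is None or submitted is None:
        return False
    # Constant-time comparison so the check does not leak token bytes via timing.
    return hmac.compare_digest(expected, submitted)


# Allow-list for a name field: letters, digits and spaces, 1 to 64 characters.
# The length cap is an assumption for this example.
NAME_ALLOW_LIST = re.compile(r"[A-Za-z0-9 ]{1,64}")


def validate_name(value):
    """Reject anything outside the allow-list (the abstract's input-validation advice)."""
    return NAME_ALLOW_LIST.fullmatch(value) is not None


def render_profile(name):
    """Encode at the HTML sink regardless of earlier validation.

    Validation can be loosened later or bypassed by another code path;
    escaping at the point of output is what actually prevents XSS.
    """
    return f"<p>Employee: {html.escape(name, quote=True)}</p>"


def handle_profile_update(sid, form):
    """Handler for a state-changing POST: CSRF check first, then validate, then render.

    Returns an (HTTP status, body) pair.
    """
    if not verify_csrf(sid, form.get("csrf_token")):
        return 403, "CSRF token missing or invalid"
    name = form.get("name", "")
    if not validate_name(name):
        return 400, "name must be 1-64 letters, digits or spaces"
    return 200, render_profile(name)


if __name__ == "__main__":
    sid = new_session()
    token = csrf_token_for(sid)
    # Legitimate submission from the server's own form.
    print(handle_profile_update(sid, {"csrf_token": token, "name": "Budi Santoso"}))
    # Forged cross-site submission: the attacker's page cannot know the token.
    print(handle_profile_update(sid, {"name": "Pwned"}))
    # Script payload on a field that reaches an HTML sink.
    print(handle_profile_update(sid, {"csrf_token": token,
                                      "name": "<script>alert(1)</script>"}))
```

The forged request in the second call fails the CSRF check even though the browser would have attached the victim's session cookie, which is exactly the property the token adds. The third call is rejected by the allow-list, but note that `render_profile` would still neutralise the payload if the allow-list were removed, which is why the encoding step belongs at the sink.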
Copyright © 2025