<![CDATA[Data security in web services is a critical aspect that must be considered to prevent information leakage and unauthorized access. This study aims to analyze the security level of the Universitas Andalas Repository site, specifically regarding its vulnerability to sniffing attacks due to the use of the unencrypted HTTP protocol. The research employs a penetration testing method with an experimental approach. The testing process is carried out in three main stages: reconnaissance using Nmap to identify the services and protocols in use, sniffing using Wireshark to capture and analyze data packets, and evaluation of results based on modern web security standards to assess the level of risks found. The results of the study indicate that the Universitas Andalas Repository site still uses the HTTP protocol in its communication process, meaning that all data transmitted between the client and server can be read in plaintext. The Nmap scan results confirm that the web service operates on port 80 without SSL/TLS encryption support. Meanwhile, the packet analysis results using Wireshark show that both HTTP requests and responses can be captured and directly observed, including request parameters, cookies, and other potentially sensitive information. These findings suggest that the site has significant vulnerabilities to sniffing attacks and man-in-the-middle attacks, posing a potential risk to user data security.]]>
Copyrights © 2026
