Sistemasi: Jurnal Sistem Informasi
Vol 15, No 2 (2026): Sistemasi: Jurnal Sistem Informasi

Analysis and Improvement of an Agribusiness Web Information System Security using Grey-Box and White-Box Testing

Halil, M. Isma (Unknown)
Mansur, Mansur (Unknown)



Article Info

Publish Date
27 Feb 2026

Abstract

This study analyzes and improves the security of SawitGoDigi, a palm oil harvest recording information system, using grey-box and white-box testing. The system is used by farmers, agents, drivers, and administrators to manage land data, harvest results, distribution, and transaction records, so any vulnerability exposes operational and financial data. Testing followed the OWASP Web Security Testing Guide (WSTG) v4.2 and the OWASP Risk Rating Methodology and proceeded in six stages: reconnaissance, automated scanning with OWASP ZAP, manual exploitation, risk evaluation, implementation of security improvements, and retesting. Before remediation the system contained four vulnerabilities rated High or Medium: SQL Injection in the search feature, session hijacking enabled by weak session management through the trusted_device cookie, brute-force login made possible by the absence of a rate-limiting mechanism, and security misconfiguration. The risk assessment classified SQL Injection and session hijacking as High risk and brute-force login as Medium risk. Remediation consisted of prepared statements for database access, hardened cookie attributes, added security headers, and rate limiting on the login process. Retesting confirmed that every High- and Medium-risk finding was reduced to Low risk or marked Closed, indicating that the system is secure for operational use. The study demonstrates that a security testing approach that combines exploitation, remediation, and verification through retesting can significantly improve the security of agribusiness web applications.
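The abstract names the findings and the remedies but the page carries no code, and the stack SawitGoDigi runs on is not stated. As an added example, not the paper's or the system's own code, the following Python shows each exploitable finding beside the mitigation the paper names: string-built search versus a prepared statement (against an in-memory SQLite table whose layout is assumed), a sliding-window login rate limiter (the 5-per-60-seconds limit is assumed), a hardened session cookie using the trusted_device name from the abstract, and a check for missing security headers (the header list is assumed).

```python
"""Added example (not the paper's or SawitGoDigi's code): the exploitable
findings from the abstract, each beside the mitigation the paper names.
Assumptions: an in-memory SQLite table standing in for the harvest records,
a 5-attempts-per-60-seconds login limit, and the header list below."""
import secrets
import sqlite3
import time
from collections import defaultdict, deque


def make_db():
    """Constructed sample data: a small harvest table (assumed layout)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE harvest (id INTEGER PRIMARY KEY, farmer TEXT, weight_kg REAL)")
    con.executemany("INSERT INTO harvest (farmer, weight_kg) VALUES (?, ?)",
                    [("Andi", 1200.5), ("Budi", 980.0), ("Citra", 1500.0)])
    return con


def search_vulnerable(con, term):
    """'Before' pattern: the search term is concatenated into the SQL text,
    so a term such as  ' OR 1=1 --  rewrites the WHERE clause."""
    sql = f"SELECT farmer, weight_kg FROM harvest WHERE farmer LIKE '%{term}%'"
    return con.execute(sql).fetchall()


def search_prepared(con, term):
    """Mitigation: prepared statement; the term travels as a bound parameter
    and is only ever compared as data, never parsed as SQL."""
    sql = "SELECT farmer, weight_kg FROM harvest WHERE farmer LIKE ?"
    return con.execute(sql, (f"%{term}%",)).fetchall()


class LoginRateLimiter:
    """Sliding-window limiter keyed by client identity (IP or username).
    Without it the login form accepts unlimited password guesses."""

    def __init__(self, max_attempts=5, window_seconds=60):
        self.max_attempts = max_attempts
        self.window = window_seconds
        self._attempts = defaultdict(deque)

    def allow(self, key, now=None):
        """Return True if one more login attempt may proceed for this key."""
        now = time.monotonic() if now is None else now
        q = self._attempts[key]
        while q and now - q[0] >= self.window:   # drop attempts outside the window
            q.popleft()
        if len(q) >= self.max_attempts:
            return False
        q.append(now)
        return True


def session_cookie(name, value=None, max_age=3600):
    """Mitigation: a hardened Set-Cookie value. Secure keeps it off plaintext
    HTTP, HttpOnly hides it from script, SameSite=Strict stops it riding along
    on cross-site requests; the value is a fresh random token, not a guessable one."""
    value = secrets.token_urlsafe(32) if value is None else value
    return f"{name}={value}; Max-Age={max_age}; Path=/; Secure; HttpOnly; SameSite=Strict"


# Headers a retest would expect to see; the exact set the paper added is not
# stated on the page, so this list is an assumption.
SECURITY_HEADERS = {
    "Content-Security-Policy": "default-src 'self'",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "no-referrer",
}


def missing_security_headers(response_headers):
    """Misconfiguration check: names from SECURITY_HEADERS absent from a response
    (header names compared case-insensitively, as HTTP requires)."""
    present = {k.lower() for k in response_headers}
    return sorted(h for h in SECURITY_HEADERS if h.lower() not in present)


if __name__ == "__main__":
    con = make_db()
    payload = "' OR 1=1 --"
    print("vulnerable search returns", len(search_vulnerable(con, payload)), "rows")
    print("prepared search returns", len(search_prepared(con, payload)), "rows")
    lim = LoginRateLimiter()
    print("login attempts allowed:", [lim.allow("10.0.0.1", now=float(i)) for i in range(7)])
    print(session_cookie("trusted_device"))
    print("missing headers:", missing_security_headers({"X-Frame-Options": "DENY"}))
```

With the injected term the string-built query returns every harvest row while the prepared query returns none, which is the behaviour a retest should confirm. A per-key sliding window is used rather than account lockout so that an attacker cannot lock legitimate users out by deliberately failing logins against their usernames; in practice the key combines client IP and username.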

Copyrights © 2026


Journal Info

Abbrev

stmsi

Publisher

Subject

Computer Science & IT; Electrical & Electronics Engineering

Description

Sistemasi is a scientific journal in the field of computer science published by the Information Systems study program of Universitas Islam Indragiri, Tembilahan, Riau. Sistemasi is published three times a year, in January, May and September. The general focus and scope of Sistemasi is the field of Information Systems, ...