Jurnal Pilar Nusa Mandiri
Vol. 22 No. 1 (2026): Pilar Nusa Mandiri : Journal of Computing and Information System Publishing Pe

SECURITY ANALYSIS OF PAYROLL SYSTEM USING THE PENETRATION TESTING EXECUTION STANDARD (PTES) AND OWASP TOP 10 2021

Monas Tarigan (Nusamandiri University)

Article Info

Publish Date
27 Mar 2026

Abstract

The payroll system plays a critical role in human resource management as it processes and stores sensitive employee data, including personal identity, salary information, financial records, and employment history. The increasing reliance on web-based applications has significantly improved operational efficiency; however, it also increases exposure to cybersecurity threats when security controls are not optimally implemented. This study aims to analyze security vulnerabilities in the payroll system of PT. Vidira Eshan Abadi using the Penetration Testing Execution Standard (PTES) methodology, with OWASP Top 10 2021 used as a vulnerability classification framework. The research stages include pre-engagement interactions, reconnaissance, scanning, enumeration, exploitation, post-exploitation analysis, and reporting. Security testing was conducted using tools such as Nuclei, Gobuster, Dirsearch, Burp Suite, and SQLMap. The results indicate the presence of several vulnerabilities with low to high severity levels, including security misconfiguration, absence of authentication rate limiting, potential SQL injection, and stored Cross-Site Scripting (XSS) vulnerabilities across multiple system modules. This study recommends implementing strict input validation mechanisms, consistent output encoding, improved server configuration, and enhanced authentication protection to strengthen the security posture of the payroll system.

Copyrights © 2026

Journal Info

Abbrev

pilar

Publisher

Subject

Computer Science & IT

Description

Jurnal Pilar is a scientific journal published by the Information Systems study program of STMIK Nusa Mandiri. The journal contains scientific works on the following themes: Software Engineering, Expert Systems, Decision Support Systems, Information System Design, Data Mining, Processing ...