Website security is a crucial aspect of ensuring data integrity, confidentiality, and availability, especially in the face of increasingly sophisticated cyber threats. E-Pinter, a digital licensing service platform, is highly vulnerable to cyberattacks such as SQL Injection and Cross-Site Scripting (XSS), both of which can potentially compromise its system and the sensitive information stored within. This study aims to evaluate the security level of the E-Pinter website against these two types of attacks through a combination of manual and automated penetration testing methods designed to identify existing vulnerabilities. The SQL Injection tests involved inserting various payloads into input parameters to assess whether the database could be manipulated, while the XSS tests were conducted by embedding malicious scripts into unvalidated inputs to determine the likelihood of user interface exploitation. The results revealed several weaknesses that attackers could exploit, potentially leading to data leaks, unauthorized access, and disruptions to system operations. These findings highlight that the E-Pinter platform, as a critical public service system, requires immediate strengthening of its security protocols. As a mitigation effort, the research recommends the implementation of prepared statements to protect against SQL Injection attacks and the use of functions such as htmlspecialchars() to prevent the execution of malicious XSS scripts. Furthermore, it emphasizes the importance of continuous security monitoring, regular penetration testing, and proper input validation as essential practices for sustainable website protection. By adopting these measures, the security of E-Pinter can be significantly enhanced, ensuring the safety of user data, improving public trust in digital government services, and reducing the risk of exploitation in the future, especially as digital transformation accelerates in public administration and service delivery.
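The two recommended mitigations, prepared statements and htmlspecialchars(), shown together as an added example; this is not code from the study or from E-Pinter. It assumes PHP with the PDO SQLite driver, and the `applications` table, its columns and the sample input are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database; table and column names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE applications (id INTEGER PRIMARY KEY, applicant TEXT, note TEXT)');

// Prepared statement: the SQL text is fixed and the values are bound
// separately, so quotes in the input are stored as data, not parsed as SQL.
function addApplication(PDO $pdo, string $applicant, string $note): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO applications (applicant, note) VALUES (:applicant, :note)'
    );
    $stmt->execute([':applicant' => $applicant, ':note' => $note]);
}

function findByApplicant(PDO $pdo, string $applicant): array
{
    // Weak form, for contrast: "... WHERE applicant = '" . $applicant . "'"
    // concatenates input into the statement. The bound parameter below does not.
    $stmt = $pdo->prepare(
        'SELECT id, applicant, note FROM applications WHERE applicant = :applicant'
    );
    $stmt->execute([':applicant' => $applicant]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Output encoding at the point of rendering: <, >, &, " and ' become
// HTML entities, so stored markup is displayed as text instead of executing.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed input containing a quote and HTML metacharacters.
addApplication($pdo, "O'Brien", 'Renewal <b>urgent</b> & "priority"');

foreach (findByApplicant($pdo, "O'Brien") as $row) {
    printf(
        "<tr><td>%d</td><td>%s</td><td>%s</td></tr>\n",
        $row['id'],
        e($row['applicant']),
        e($row['note'])
    );
}
```

The binding protects the query and the encoding protects the page, so both are needed: a value stored safely through a prepared statement can still carry markup until it is encoded on output.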
Copyrights © 2025