CFP last date
20 November 2024
Call for Paper
December Edition
IJCA solicits high quality original research papers for the upcoming December edition of the journal. The last date of research paper submission is 20 November 2024

Submit your paper
Know more
Reseach Article

Security Analysis of Village Government Website Against Cross-Site Scripting Attacks using Penetration Testing

by Dinda Aulia Rizki, Imam Riadi
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 186 - Number 45
Year of Publication: 2024
Authors: Dinda Aulia Rizki, Imam Riadi
10.5120/ijca2024924085

Dinda Aulia Rizki, Imam Riadi . Security Analysis of Village Government Website Against Cross-Site Scripting Attacks using Penetration Testing. International Journal of Computer Applications. 186, 45 ( Oct 2024), 11-21. DOI=10.5120/ijca2024924085

@article{ 10.5120/ijca2024924085,
author = { Dinda Aulia Rizki, Imam Riadi },
title = { Security Analysis of Village Government Website Against Cross-Site Scripting Attacks using Penetration Testing },
journal = { International Journal of Computer Applications },
issue_date = { Oct 2024 },
volume = { 186 },
number = { 45 },
month = { Oct },
year = { 2024 },
issn = { 0975-8887 },
pages = { 11-21 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume186/number45/security-analysis-of-village-website-against-cross-site-scripting-attacks/ },
doi = { 10.5120/ijca2024924085 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-10-26T00:55:48.945248+05:30
%A Dinda Aulia Rizki
%A Imam Riadi
%T Security Analysis of Village Government Website Against Cross-Site Scripting Attacks using Penetration Testing
%J International Journal of Computer Applications
%@ 0975-8887
%V 186
%N 45
%P 11-21
%D 2024
%I Foundation of Computer Science (FCS), NY, USA
Abstract

The internet is the main source for obtaining various information, both useful and not. A website, also known as a site or portal, is a digital platform consisting of a collection of pages designed to present information in various formats, such as text, still and moving images, animations, and sound. This website serves as an important platform for public services, so it is crucial to protect it from cyber threats. This research aims to analyze and improve the security vulnerabilities of websites against Cross-Site Scripting (XSS) attacks using the Penetration Testing method. The research methodology used in this study includes four essential steps to address potential XSS vulnerabilities on the Purwobakti website. The first step is Preparation, which involves a thorough analysis of the security issues and the development of action plans to address any identified threats. The second step, Scanning, involves a comprehensive scan of all data collected in the previous phase. The third step is Testing, where an in-depth analysis is conducted to identify and evaluate the existing security weaknesses on the website. Finally, the Reporting phase compiles the security testing results into a comprehensive report that provides a complete overview the website security status. The results of this study identified 8 findings: 1 high-risk threat of Server-Side Template Injection (Blind), 1 medium-risk of Content Security Policy (CSP) Header Not Set, Absence Of Anti-CSRF Tokens, and Missing Anti-clickjacking Header, one low-risk threat of Strict-Transport-Security Header Not Set, and 3 informational-level risks, including User Controllable HTML Element Attribute (Potential XSS), Re-examine Cache-control Directives, and Modern Web Application.

References
  1. J. J. B. H. Yum Thurfah Afifa Rosaliah, “Pengujian Celah Keamanan Website Menggunakan Teknik Penetration Testing dan Metode OWASP TOP 10 pada Website SIM,” Senamika, vol. 2, no. September, pp. 752–761, 2021.
  2. J. T. Elektro and P. N. Medan, “Perancangan Website Pada Pt. Ratu Enim Palembang,” pp. 15–27,
  3. Muhammad Isfa Hany, Adhitya Bhawiyuga, and Ari Kusyanti, “Implementasi Cross Site Scripting Vulnerability Assessment Tools berdasarkan OWASP Code Review,” J. Pengemb. Teknol. Inf. dan Ilmu Komput, vol. 5, no. 9, pp. 3745–3753, 2021.
  4. B. Sakti, A. Aziz, and A. Doewes, “Uji Kelayakan Implementasi SSH sebagai Pengaman FTP Server dengan Penetration Testing,” J. Teknol. Inf. ITSmart, vol. 2, no. 1, p. 44, 2016, doi: 10.20961/its.v2i1.620.
  5. I. M. Edy Listartha, I. M. A. Premana Mitha, M. W. Aditya Arta, and I. K. W. Yuda Arimika, “Analisis Kerentanan Website SMA Negeri 2 Amlapura Menggunakan Metode OWASP (Open Web Application Security Project),” Simkom, vol. 7, no. 1, pp. 23–27, 2022, doi: 10.51717/simkom.v7i1.63.
  6. F. Fachri, A. Fadlil, and I. Riadi, “Analisis Keamanan Webserver menggunakan Penetration Test,” J. Inform., vol.8,no.2,pp.183–190,2021,doi:10.31294/ji.v8i2.1085 4.
  7. H. Azis and F. Fattah, “Analisis Layanan Keamanan Sistem Kartu Transaksi Elektronik Menggunakan Metode Penetration Testing,” Ilk. J. Ilm., vol. 11, no. 2,pp.167–174,2019,doi:10.33096/ilkom.v11i2.447.1 67-174.
  8. Y. A. Pohan, “Meningkatkan Keamanan Webserver Aplikasi Pelaporan Pajak Daerah Menggunakan Metode Penetration Testing Execution Standar,” J. SistimInf.danTeknol.,vol.3,pp.16,2021,doi:10.37034/jsisfotek.v3i1.3 6.
  9. S. Hidayatulloh and D. Saptadiaji, “Penetration Testing pada Website Universitas ARS Menggunakan Open Web Application Security Project (OWASP),” J. Algoritm.,vol.18,no.1,pp77–86,2021,doi:10.33364/alg oritma/v.18-1.827.
  10. I. O. Riandhanu, “Analisis Metode Open Web Application Security Project (OWASP) Menggunakan Penetration Testing pada Keamanan Website Absensi,” J. Inf. dan Teknol., vol. 4, no. 3, pp. 160–165, 2022, doi: 10.37034/jidt.v4i3.236.
  11. S. Nurul, S. Anggrainy, and S. Aprelyani, “Faktor-Faktor Yang Mempengaruhi Keamanan Sistem Informasi\ : Keamanan Informasi , Teknologi Informasi Dan Network ( Literature Review Sim ),” J. Ekon. Manaj. Sist. Inf., vol. Vol. 3, no. No. 5, pp. 564–573, 2022.
  12. A. H. Harahap, C. Difa Andani, A. Christie, D. Nurhaliza, and A. Fauzi, “Pentingnya Peranan CIA Triad Dalam Keamanan Informasi dan Data Untuk Pemangku Kepentingan atau Stakholder,” J. Manaj. dan Pemasar. Digit., vol. 1, no. 2, pp. 73–83, 2023.
  13. M. Kamil, B. Rahmat, and O. Primadianti, “Perancangan Dan Implementasi Web Server Untuk Pemantauan Kualitas Air Berbasis Iot,” e-Proceeding Eng., vol. 8, no. 6, p. 3515, 2022.
  14. Y. Mulyanto and A. A. Fari, “Analisis Keamanan Login Router Mikrotik dari Serangan Brute Force Menggunakan Metode Penetration Testing,” J. Inform. Teknol. dan Sains, vol. 4, no. No.3, pp. 145–155, 2022.
  15. M. D. Al Vriano, “Pengujian Keamanan Web Juice Shop Dengan Metode Pentesting Berbasis Owasp Top 10,” J. Multidisiplin Saintek, vol. 1, no. 06, pp. 81–90, 2023.
  16. M. Hasibuan and A. M. Elhanafi, “Penetration Testing Sistem Jaringan Komputer Menggunakan Kali Linux untuk Mengetahui Kerentanan Keamanan Server dengan Metode Black Box,” sudo J. Tek. Inform., vol. 1,no.4,pp.171–177, 2022, doi: 10.56211/sudo.v1i4.160.
  17. C. Alderi Jeffta Soewoeh et al., “Analisa Kerentanan Website FMIPA UNSRAT Berdasarkan Open Web Application Security Project Top 10 Framework,” JECSIT J. Eng. Comput. Sci. Inf. Technol., vol. 2, no. 2, pp. 2797–5045, 2022, [Online]. Available:http: //jurnal.teknokrat.ac.id/index.php/JECSIT/article/view/251.
  18. M. A. Mu’min, A. Fadlil, and I. Riadi, “Analisis Keamanan Sistem Informasi Akademik Menggunakan Open Web Application Security Project Framework,” J. Media Inform. Budidarma, vol. 6, no. 3, p. 1468, 2022, doi: 10.30865/mib.v6i3. 4099.
  19. H. Haikal Muhammad, A. Id Hadiana, and H. Ashaury, “Pengamanan Aplikasi Web Dari Serangan Sql Injection Dan Cross Site Scripting Menggunakan Web Application Firewall,” JATI (Jurnal Mhs. Tek. Inform., vol.7,no.5,pp.3265–3273,2024,doi:10.36040/jati.v7i5. 7320.
  20. B. I. Dewangkara, K. S. Santi, V. A. Putri, and I. M. E. Listartha, “Penerapan Analisis Kerentanan XSS dan Rate Limiting pada Situs Web MTsN 3 Negara Menggunakan OWASP ZAP,” J. Inform. Upgris, vol.8,no.1,pp.92–97,2022,doi:10.26877/jiu.v8i1.102 66.
  21. S. Suroto and A. Asman, “Ancaman Terhadap Keamanan Informasi Oleh Serangan Cross-Site Scripting (Xss) Dan Metode Pencegahannya,” Zo. Komput.,vol.11,no.1,pp.1119,2021,[Online].Available:http://www.hackers.com ?yid=
  22. I. M. Suartana, H. Endah Wahanani, and A. Noor Sandy, “Sistem Pengaman Web Server Dengan Application Firewall (WAF),” Scan, vol. X, no. 1, pp. 3–8, 2015
  23. A. S. Hakim, T. A. Cahyanto, and H. Azizah, “Serangan cross-site scripting (XSS) berdasarkan base metric CVSS V.2,” J. Smart Teknol., vol. 2, no. 1, 2020.
  24. N. I. Aspriantama, “Pengujian Keamanan Sistem Informasi Uajy Menggunakan Penetration Testing,” 2021,[Online].Available:http://ejournal.uajy.ac.id/id/eprint/24753
  25. Harry Dwi Sabdho and Ulfa Maria, “Analisis Keamanan Jaringan Wireless Menggunakan Metode Penetration Testing Pada Kantor PT. Mora Telematika Indonesia Regional Palembang,” Semhavok, vol. 1, no. 1, pp. 15–24, 2018.
Index Terms

Computer Science
Information Sciences

Keywords

Cross-Site Scripting Information security Open Web Application Security Project Penetration Testing Website