Security Analysis of Village Government Website Against Cross-Site Scripting Attacks using Penetration Testing

Dinda Aulia Rizki; Imam Riadi

Call for Paper

February Edition

IJCA solicits high quality original research papers for the upcoming February edition of the journal. The last date of research paper submission is 20 January 2025

Submit your paper

Know more

The week's pick

SFLA-Based Line Balancing and Task Optimization in Master-Slave Controlled Hanger Transportation Systems for Garment Production

Duc Hoang Nguyen

Random Articles

A Proposed Paradigm for Enhancing Customer Retention using Web Usage Mining

Jan

2020

Review of Digital Watermarking Techniques

January

2015

Volatile Memory Forensics: A Legal Perspective

Dec

2016

Assessing the Significance of Incorporating User Profiles in Social Book Search

Feb

2018

Reseach Article

Security Analysis of Village Government Website Against Cross-Site Scripting Attacks using Penetration Testing

by Dinda Aulia Rizki, Imam Riadi

International Journal of Computer Applications

Foundation of Computer Science (FCS), NY, USA

Volume 186 - Number 45

Year of Publication: 2024

Authors: Dinda Aulia Rizki, Imam Riadi

10.5120/ijca2024924085

Dinda Aulia Rizki, Imam Riadi . Security Analysis of Village Government Website Against Cross-Site Scripting Attacks using Penetration Testing. International Journal of Computer Applications. 186, 45 ( Oct 2024), 11-21. DOI=10.5120/ijca2024924085

@article{ 10.5120/ijca2024924085,

author = { Dinda Aulia Rizki, Imam Riadi },

title = { Security Analysis of Village Government Website Against Cross-Site Scripting Attacks using Penetration Testing },

journal = { International Journal of Computer Applications },

issue_date = { Oct 2024 },

volume = { 186 },

number = { 45 },

month = { Oct },

year = { 2024 },

issn = { 0975-8887 },

pages = { 11-21 },

numpages = {9},

url = { https://ijcaonline.org/archives/volume186/number45/security-analysis-of-village-website-against-cross-site-scripting-attacks/ },

doi = { 10.5120/ijca2024924085 },

publisher = {Foundation of Computer Science (FCS), NY, USA},

address = {New York, USA}

}

%0 Journal Article

%1 2024-10-26T00:55:48.945248+05:30

%A Dinda Aulia Rizki

%A Imam Riadi

%T Security Analysis of Village Government Website Against Cross-Site Scripting Attacks using Penetration Testing

%J International Journal of Computer Applications

%@ 0975-8887

%V 186

%N 45

%P 11-21

%D 2024

%I Foundation of Computer Science (FCS), NY, USA

Abstract

The internet is the main source for obtaining various information, both useful and not. A website, also known as a site or portal, is a digital platform consisting of a collection of pages designed to present information in various formats, such as text, still and moving images, animations, and sound. This website serves as an important platform for public services, so it is crucial to protect it from cyber threats. This research aims to analyze and improve the security vulnerabilities of websites against Cross-Site Scripting (XSS) attacks using the Penetration Testing method. The research methodology used in this study includes four essential steps to address potential XSS vulnerabilities on the Purwobakti website. The first step is Preparation, which involves a thorough analysis of the security issues and the development of action plans to address any identified threats. The second step, Scanning, involves a comprehensive scan of all data collected in the previous phase. The third step is Testing, where an in-depth analysis is conducted to identify and evaluate the existing security weaknesses on the website. Finally, the Reporting phase compiles the security testing results into a comprehensive report that provides a complete overview the website security status. The results of this study identified 8 findings: 1 high-risk threat of Server-Side Template Injection (Blind), 1 medium-risk of Content Security Policy (CSP) Header Not Set, Absence Of Anti-CSRF Tokens, and Missing Anti-clickjacking Header, one low-risk threat of Strict-Transport-Security Header Not Set, and 3 informational-level risks, including User Controllable HTML Element Attribute (Potential XSS), Re-examine Cache-control Directives, and Modern Web Application.

References

J. J. B. H. Yum Thurfah Afifa Rosaliah, “Pengujian Celah Keamanan Website Menggunakan Teknik Penetration Testing dan Metode OWASP TOP 10 pada Website SIM,” Senamika, vol. 2, no. September, pp. 752–761, 2021.
J. T. Elektro and P. N. Medan, “Perancangan Website Pada Pt. Ratu Enim Palembang,” pp. 15–27,
Muhammad Isfa Hany, Adhitya Bhawiyuga, and Ari Kusyanti, “Implementasi Cross Site Scripting Vulnerability Assessment Tools berdasarkan OWASP Code Review,” J. Pengemb. Teknol. Inf. dan Ilmu Komput, vol. 5, no. 9, pp. 3745–3753, 2021.
B. Sakti, A. Aziz, and A. Doewes, “Uji Kelayakan Implementasi SSH sebagai Pengaman FTP Server dengan Penetration Testing,” J. Teknol. Inf. ITSmart, vol. 2, no. 1, p. 44, 2016, doi: 10.20961/its.v2i1.620.
I. M. Edy Listartha, I. M. A. Premana Mitha, M. W. Aditya Arta, and I. K. W. Yuda Arimika, “Analisis Kerentanan Website SMA Negeri 2 Amlapura Menggunakan Metode OWASP (Open Web Application Security Project),” Simkom, vol. 7, no. 1, pp. 23–27, 2022, doi: 10.51717/simkom.v7i1.63.
F. Fachri, A. Fadlil, and I. Riadi, “Analisis Keamanan Webserver menggunakan Penetration Test,” J. Inform., vol.8,no.2,pp.183–190,2021,doi:10.31294/ji.v8i2.1085 4.
H. Azis and F. Fattah, “Analisis Layanan Keamanan Sistem Kartu Transaksi Elektronik Menggunakan Metode Penetration Testing,” Ilk. J. Ilm., vol. 11, no. 2,pp.167–174,2019,doi:10.33096/ilkom.v11i2.447.1 67-174.
Y. A. Pohan, “Meningkatkan Keamanan Webserver Aplikasi Pelaporan Pajak Daerah Menggunakan Metode Penetration Testing Execution Standar,” J. SistimInf.danTeknol.,vol.3,pp.16,2021,doi:10.37034/jsisfotek.v3i1.3 6.
S. Hidayatulloh and D. Saptadiaji, “Penetration Testing pada Website Universitas ARS Menggunakan Open Web Application Security Project (OWASP),” J. Algoritm.,vol.18,no.1,pp77–86,2021,doi:10.33364/alg oritma/v.18-1.827.
I. O. Riandhanu, “Analisis Metode Open Web Application Security Project (OWASP) Menggunakan Penetration Testing pada Keamanan Website Absensi,” J. Inf. dan Teknol., vol. 4, no. 3, pp. 160–165, 2022, doi: 10.37034/jidt.v4i3.236.
S. Nurul, S. Anggrainy, and S. Aprelyani, “Faktor-Faktor Yang Mempengaruhi Keamanan Sistem Informasi\ : Keamanan Informasi , Teknologi Informasi Dan Network ( Literature Review Sim ),” J. Ekon. Manaj. Sist. Inf., vol. Vol. 3, no. No. 5, pp. 564–573, 2022.
A. H. Harahap, C. Difa Andani, A. Christie, D. Nurhaliza, and A. Fauzi, “Pentingnya Peranan CIA Triad Dalam Keamanan Informasi dan Data Untuk Pemangku Kepentingan atau Stakholder,” J. Manaj. dan Pemasar. Digit., vol. 1, no. 2, pp. 73–83, 2023.
M. Kamil, B. Rahmat, and O. Primadianti, “Perancangan Dan Implementasi Web Server Untuk Pemantauan Kualitas Air Berbasis Iot,” e-Proceeding Eng., vol. 8, no. 6, p. 3515, 2022.
Y. Mulyanto and A. A. Fari, “Analisis Keamanan Login Router Mikrotik dari Serangan Brute Force Menggunakan Metode Penetration Testing,” J. Inform. Teknol. dan Sains, vol. 4, no. No.3, pp. 145–155, 2022.
M. D. Al Vriano, “Pengujian Keamanan Web Juice Shop Dengan Metode Pentesting Berbasis Owasp Top 10,” J. Multidisiplin Saintek, vol. 1, no. 06, pp. 81–90, 2023.
M. Hasibuan and A. M. Elhanafi, “Penetration Testing Sistem Jaringan Komputer Menggunakan Kali Linux untuk Mengetahui Kerentanan Keamanan Server dengan Metode Black Box,” sudo J. Tek. Inform., vol. 1,no.4,pp.171–177, 2022, doi: 10.56211/sudo.v1i4.160.
C. Alderi Jeffta Soewoeh et al., “Analisa Kerentanan Website FMIPA UNSRAT Berdasarkan Open Web Application Security Project Top 10 Framework,” JECSIT J. Eng. Comput. Sci. Inf. Technol., vol. 2, no. 2, pp. 2797–5045, 2022, [Online]. Available:http: //jurnal.teknokrat.ac.id/index.php/JECSIT/article/view/251.
M. A. Mu’min, A. Fadlil, and I. Riadi, “Analisis Keamanan Sistem Informasi Akademik Menggunakan Open Web Application Security Project Framework,” J. Media Inform. Budidarma, vol. 6, no. 3, p. 1468, 2022, doi: 10.30865/mib.v6i3. 4099.
H. Haikal Muhammad, A. Id Hadiana, and H. Ashaury, “Pengamanan Aplikasi Web Dari Serangan Sql Injection Dan Cross Site Scripting Menggunakan Web Application Firewall,” JATI (Jurnal Mhs. Tek. Inform., vol.7,no.5,pp.3265–3273,2024,doi:10.36040/jati.v7i5. 7320.
B. I. Dewangkara, K. S. Santi, V. A. Putri, and I. M. E. Listartha, “Penerapan Analisis Kerentanan XSS dan Rate Limiting pada Situs Web MTsN 3 Negara Menggunakan OWASP ZAP,” J. Inform. Upgris, vol.8,no.1,pp.92–97,2022,doi:10.26877/jiu.v8i1.102 66.
S. Suroto and A. Asman, “Ancaman Terhadap Keamanan Informasi Oleh Serangan Cross-Site Scripting (Xss) Dan Metode Pencegahannya,” Zo. Komput.,vol.11,no.1,pp.1119,2021,[Online].Available:http://www.hackers.com ?yid=
I. M. Suartana, H. Endah Wahanani, and A. Noor Sandy, “Sistem Pengaman Web Server Dengan Application Firewall (WAF),” Scan, vol. X, no. 1, pp. 3–8, 2015
A. S. Hakim, T. A. Cahyanto, and H. Azizah, “Serangan cross-site scripting (XSS) berdasarkan base metric CVSS V.2,” J. Smart Teknol., vol. 2, no. 1, 2020.
N. I. Aspriantama, “Pengujian Keamanan Sistem Informasi Uajy Menggunakan Penetration Testing,” 2021,[Online].Available:http://ejournal.uajy.ac.id/id/eprint/24753
Harry Dwi Sabdho and Ulfa Maria, “Analisis Keamanan Jaringan Wireless Menggunakan Metode Penetration Testing Pada Kantor PT. Mora Telematika Indonesia Regional Palembang,” Semhavok, vol. 1, no. 1, pp. 15–24, 2018.

Index Terms

Computer Science

Information Sciences

Keywords

Cross-Site Scripting Information security Open Web Application Security Project Penetration Testing Website