Hasil Pencarian  ::  Simpan CSV :: Kembali

"How to Attack and Defend Your Website is a concise introduction to web security that includes hands-on web hacking tutorials. The book has three primary objectives: to help readers develop a deep understanding of what is happening behind the scenes in a web application, with a focus on the HTTP protocol and other underlying web technologies; to teach readers how to use the industry standard in free web application vulnerability discovery and exploitation tools, most notably Burp Suite, a fully featured web application testing tool; and finally, to gain knowledge of finding and exploiting the most common web security vulnerabilities."

"The basics of web hacking introduces you to a tool-driven process to identify the most widespread vulnerabilities in Web applications. No prior experience is needed. Web apps are a "path of least resistance" that can be exploited to cause the most damage to a system, with the lowest hurdles to overcome. This is a perfect storm for beginning hackers. The process set forth in this book introduces not only the theory and practical information related to these vulnerabilities, but also the detailed configuration and usage of widely available tools necessary to exploit these vulnerabilities.The basics of web hacking provides a simple and clean explanation of how to utilize tools such as Burp Suite, sqlmap, and Zed Attack Proxy (ZAP), as well as basic network scanning tools such as nmap, Nikto, Nessus, Metasploit, John the Ripper, web shells, netcat, and more. Dr. Josh Pauli teaches software security at Dakota State University and has presented on this topic to the U.S. Department of Homeland Security, the NSA, BlackHat Briefings, and Defcon. He will lead you through a focused, three-part approach to Web security, including hacking the server, hacking the Web app, and hacking the Web user.With Dr. Pauli’s approach, you will fully understand the what/where/why/how of the most widespread Web vulnerabilities and how easily they can be exploited with the correct tools. You will learn how to set up a safe environment to conduct these attacks, including an attacker Virtual Machine (VM) with all necessary tools and several known-vulnerable Web application VMs that are widely available and maintained for this very purpose. "

"This comprehensive textbook introduces readers to the three-tiered, Model-View-Controller (MVC) architecture by using Hibernate, JSPs, and Java Servlets. These three technologies all use Java, so that a student with a background in programming will be able to master them with ease, with the end result of being able to create web applications that use MVC, validate user input and save data to a database. Features : presents the many topics of web development in small steps, in an accessible, easy-to-follow style; uses powerful technologies that are freely available on the web to speed up web development, such as JSP, JavaBeans, annotations, JSTL, Java 1.5, Hibernate and Tomcat, discusses HTML, HTML Forms, Cascading Style Sheets and XML, introduces core technologies from the outset, such as the MVC architecture, contains questions and exercises at the end of each chapter, detailed illustrations, chapter summaries, and a glossary; includes examples for accessing common web services."

"Dengan adanya perkembangan teknologi saat ini, banyak pihak memberikan layanan yang dapat dimanfaatkan untuk dapat mempermudah semua kegiatan. Salah satu media yang digunakan untuk berbagai tujuan yaitu website. Salah satu jenis website yaitu website e-learning. Website e learning akan akan menyimpan informasi sensitif seperti data penggunanya untuk dapat memberikan hak akses fasilitas terhadap website tersebut. Informasi sensitif inilah yang perlu diperhatikan dalam pengembangan suatu website agar terhindar dari serangan cyber. Salah satu serangan yang sering terjadi pada website yaitu sql injection, dimana serangan ini terjadi dalam bentuk pencurian atau bahkan memodifikasi informasi pribadi oleh pihak yang tidak berhubungan. Untuk mencegah terjadi serangan pada website maka perlu dilakukannya penetration testing. Penetration testing bertujuan untuk mencari kerentanan yang ada pada website agar dapat segera ditangani sebelum dimanfaatkan oleh pihak yang tidak bertanggung jawab. Terdapat beberapa tahapan yang dilakukan untuk mengidentifikasi kerentanan website yaitu reconnaissance, scanning, exploitation dan report. Pengujian dilakukan dengan menganalisis hasil yang didapatkan dari setiap tahapan penetration testing sehingga dapat diketahui kerentanan yang ada pada website. Dari kerentanan yang terdetaksi maka akan diketahui beberapa rekomendasi solusi untuk mengatasinya. Setiap tahapan penetration testing akan menggunakan beberapa tools pendukung. Selain itu juga dilakukan pengujian keamanan website dengan melakukan serangan sql injection dan xss attack.

---

With the current technological developments, many parties provide services that can be used to facilitate all activities. One of the media used for various purposes is the website. One type of website is an e-learning website. An e-learning website will store sensitive information such as user data to be able to grant facility access rights to the website. This sensitive information needs to be considered in developing a website to avoid cyber attacks. One of the attacks that often occurs on websites is sql injection, where this attack occurs in the form of stealing or even modifying personal information by unrelated parties. To prevent attacks on the website, it is necessary to do penetration testing. Penetration testing aims to find vulnerabilities on the website so that they can be addressed immediately before being exploited by irresponsible parties. There are several steps taken to identify website vulnerabilities, namely reconnaissance, scanning, exploitation and reports. Testing is carried out by analyzing the results obtained from each stage of penetration testing so that the vulnerabilities that exist on the website can be identified. From the detected vulnerabilities, several recommendations for solutions to overcome them will be identified. Each stage of penetration testing will use several supporting tools. Besides that, website security testing is also carried out by carrying out sql injection attacks and xss attacks."

"[Skripsi ini membahas korelasi antara usability (yang di dalam penelitian initerbagi menjadi pre-use usability dan user performance) dan web-designattributes terhadap preferensi pengguna website LCC di Indonesia. Penelitian iniadalah penelitian kualitatif dengan menggunakan metode statistik inferensial.Hasil penelitian ini menunjukkan bahwa ada hubungan yang erat antara usabilitydan preferensi pengguna website LCC di Indonesia, dan pre-use usabilitymemiliki hubungan yang lebih kuat terhadap user preference dibandingkan userperformance; seluruh atribut desain website LCC memiliki korelasi yang kuatterhadap user preference, dan user preference lebih dipengaruhi oleh aspekestetika dibandingkan struktur dan layout website LCC di Indonesia., This thesis aims to evaluate the correlation between usability (which in this studyconsists of pre-use usability and user performance) and web-design attributestowards preference of Indonesian LCC websites users. The data were collected byusing questionnaire and scenario-based time study. This study uses inferentialstatistic methods. The results show that there are strong correlations betweenusability and user preference, pre-use usability has greater correlation than userperformance to user preference, all of web-design attributes have strongcorrelation with user preference, and user preference is mainly affected byaesthetic aspects rather than the organization of structur and layout of thewebsites.]"

"Foundation Website Creation with HTML5, CSS3, and JavaScript shows the entire process of building a website, as well as the best means to deliver professional results based on best practices. This book explains how HTML5 should be used to structure content so that the markup adheres to current web standards. You'll learn about the wide range of HTML5 elements available to you, and you'll learn how and when to use them through building example web pages. Without creative use of Cascading Style Sheets (CSS), websites would all look largely the same. CSS enables you to set your website apart from the rest, while maintaining the integrity of your markup. We'll showcase the new features of CSS3 and how you can use them. You'll learn how CSS3 works and how to apply styles to your pages, allowing you to realize your design ideas in the browser. JavaScript can be used to make your website easier and more interesting to use. This book provides information on appropriate uses of this technology and introduces the concepts of JavaScript programming. You'll also see how JavaScript works as part of the much-hyped technique Ajax, and in turn, where Ajax fits into the wider Web 2.0 picture."

"Keamanan website adalah komponen penting untuk melindungi dan mengamankan situs web dan server. Situs Web dipindai untuk mengetahui kerentanan dan malware melalui perangkat lunak keamanan situs website. Kerentanan dalam teknologi informasi (IT), adalah cacat dalam kode atau desain yang menciptakan titik kompromi keamanan potensial untuk titik akhir atau jaringan. Kerentanan menciptakan kemungkinan vektor serangan, dimana penyusup dapat menjalankan kode atau mengakses memori sistem target. Tools OWASP-ZAP adalah fitur untuk melakukan penetration testing pada sebuah website. SCELE adalah salah satu platform yang disediakan Universitas Indonesia untuk mengakses info akademis. Dengan tool OWASP-ZAP pendeteksian kerentanan pada website SCELE dapat dilakukan serta analisa dari hasil kerentanan tersebut juga dapat disimpulkan agar dapat menjadi acuan untuk memperbaiki sistem SCELE yang telah ada.

---

Website security is an important component to protect and secure websites and servers. The website is scanned to find out vulnerabilities and malware through website security software. Vulnerability in information technology (IT), is defect in code or design that creates a point of potential security compromise for endpoint or network. Vulnerability creates the possibility of an attack vector, where intruders can run code or access the target systems memory. The OWASP-ZAP tool is a feature for penetration testing of a website. Scele is one of the platform provided by University of Indonesia to access academic info. With OWASP-ZAP tool, vulnerability detection on the SCELE website can be done and and analysis of the result of these vulnerabilities can also be concluded to be reference to improve the existing SCELE system."

"Berkembang pesatnya teknologi informasi saat ini sejalan dengan berkembangnya aplikasi berbasis android dan website. Website umumnya digunakan sebagai media informasi dan komunikasi yang tentunya memiliki peran yang sangat penting. Namun, tidak menutup kemungkinan bahwa terdapat ancaman terkait dengan celah keamanan dari suatu website, baik kejahatan cyber, kebocoran data, pencurian data, dan merusak data maupun hanya ingin mengganggu system tersebut. Sebagai contoh pada website admin Digital Outlet yang merupakan pusat dari pengelolaan suatu website application. Dalam website admin tersebut telah tersimpan data dan informasi penting penggunanya yang bersifat sensitif. Maka, perlu adanya perhatian khusus terkait keamanan website tersebut. Pada penelitian ini akan dilakukan vulnerability assessment dan penetration testing pada situs website Digital Outlet menggunakan metode Information System Security Assessment Framework (ISSAF) dengan melakukan pengujian untuk mencari celah keamanan yang umum terjadi pada website tersebut, khususnya celah keamanan pada Broken Access Control, Cross Site Scripting (XSS), SQL Injection, dan sebagainya. Hasil dari penelitian analisis uji kerentanan yang diperoleh pada website Digital Outlet nantinya akan pergunakan untuk memperbaiki dan meningkatkan keamanan pada website tersebut serta menjadi salah satu referensi dalam memberikan rekomendasi terkait pengembangan framework Basic Development Framework (BDF) untuk management struktur rancang bangun suatu website yang baik dan aman. 

---

The rapid development of information technology is currently in line with the development of Android-based applications and website. Website are generally used as a medium of information and communication which of course has a very important role. However, it is possible that there are threats related to the security gaps of a website, both cyber crime, data leaks, data theft, and damage to data or just wanting to disrupt the system. For example, on the Digital Outlet admin website, which is the center of managing a website application. The admin website has stored important sensitive data and information on its users. So, there needs to be special attention regarding the security of the website. In this research, vulnerability assessment dan penetration testing will be carried out on the Digital Outlet website using the Information System Security Assessment Framework (ISSAF) method by conducting tests to find security holes that commonly occur on the website, especially security holes in Broken Access Control, Cross Site Scripting (XSS), SQL Injection, and so on. The results of the vulnerability test analysis research obtained on the Digital Outlet website will later be used to improve and increase security on the website and become a reference in providing recommendations related to the development of the Basic Development Framework (BDF) framework for the management structure of a good website design and build safe."