Hasil Pencarian  ::  Simpan CSV :: Kembali

"Ancaman keamanan terhadap website biasa dihasilkan melalui celah yang memungkinkan pengguna lain melakukan tindak kejahatan. Untuk pemeliharaan keamanan website yang baik, deteksi kerentanan website dapat dilakukan dengan prosedur vulnerability identification dan penetration testing. Penetration Testing Execution Standard (PTES) digunakan pada penelitian ini sebagai kerangka kerja atau framework penetration testing dengan tujuan untuk mendapatkan hasil akhir berupa kerentanan yang dapat mengganggu keamanan website. Terdapat tujuh tahapan yang akan dilakukan pada framework PTES yaitu Pre-engagement Interactions, Intelligence Gathering, Threat Modeling, Vulnerability Analysis, Exploitation, Post Exploitation, dan Reporting. Penetration testing ini juga menerapkan metode blackbox testing. Blackbox testing adalah metode pengujian yang dilakukan tanpa mengetahui informasi apa pun mengenai sistem website. Ditemukan tiga kerentanan dengan tingkat risiko tinggi pada website redstorm setelah melakukan penetration testing dengan framework PTES dan metode blackbox testing, yaitu PII Disclosure, SQL Injection, dan SQL Injection-SQLite. Hasil ini menekankan perlunya penguatan keamanan website dan penerapan langkah-langkah mitigasi yang sesuai untuk melindungi data sensitif dan melawan potensi serangan. Selain itu, penelitian ini menegaskan efektivitas dan relevansi kerangka kerja PTES dalam mengidentifikasi kerentanan keamanan sistem. Implikasi dari temuan ini memberikan kontribusi bagi pengembangan kebijakan keamanan informasi dan penelitian tentang keamanan siber yang lebih lanjut.

---

Security threats to common websites are generated by gaps that allow other users to commit criminal acts. For good website security maintenance, website vulnerability detection can be done with vulnerability identification and penetration testing procedures. The Penetration Testing Execution Standard (PTES) is used in this research as a framework for penetration testing with the aim of obtaining the final result of vulnerabilities that can interfere with the operation of the website. There are seven stages that will be performed on the PTES framework: Pre-engagement Interactions, Intelligence Gathering, Threat Modeling, Vulnerability Analysis, Exploitation, Post-exploitation, and Reporting. The penetration test also uses the blackbox testing method. Blackbox testing is a test method that is performed without knowing any information about the website system. Three high-risk vulnerabilities were found on Redstorm websites after performing penetration testing with the PTES framework and blackbox testing methods, namely PII Disclosure, SQL Injection, and SQL injection-SQLite. The results emphasize the need to strengthen website security and implement appropriate mitigation measures to protect sensitive data and counter potential attacks. In addition, the study confirms the effectiveness and relevance of the PTES framework in identifying system security vulnerabilities. The implications of these findings contribute to the development of information security policies and further research on cybersecurity."

"Pengujian penetrasi merupakan suatu langkah penting yang diambil untuk meningkatkan keamanan sebuah website, terutama bagi suatu perusahaan. Terdapat beberapa kerangka kerja dan metodologi untuk uji penetrasi, salah satunya adalah Information Systems Security Assessment Framework (ISSAF). ISSAF merupakan sebuah kerangka kerja yang komprehensif dengan keunggulan pada domain coverage sehingga memungkinkan pengujian bukan hanya dari luar sistem, namun juga masuk ke dalam sistem. Penelitian ini menunjukan tahapan uji penetrasi menggunakan kerangka kerja ISSAF dan memanfaatkan beberapa tools yang umum digunakan untuk mengidentifikasi kerentanan website bagi perusahaan. Hasil dari penelitian ini ditemukan 7 kerentanan, diantaranya yaitu Clickjacking, Brute-force Attack pada Login Page, HSTS Missing From HTTP Server, Content Security Policy (CSP) Header Not Set , Cookie without SameSite Attribute, Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s),serta X-Content-Type-Options Header Missing. Dari hasil pengujian penetrasi ini dapat dijadikan rekomendasi untuk mengatasi kerentanan keamanan pada perusahaan-perusahaan di bidangnya.

---

Penetration testing is an important step taken to improve the security of a website, especially for a company. There are several frameworks and methodologies for penetration testing, one of which is the Information Systems Security Assessment Framework. (ISSAF). ISSAF is a comprehensive framework with advantages on domain coverage that allows testing not only from outside the system, but also into the system.  This research demonstrates the stage of penetration testing using the ISSAF framework and utilizes several commonly used tools to identify website vulnerabilities for companies. This study we found seven vulnerabilities in the target website, including Clickjacking, Brute-force Attack on Login Page, HSTS Missing from HTTP Server, Content Security Policy (CSP) Header Not Set, Cookie without SameSite Attribute, Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s), and X-Content-Type-Options Header Missing. From this penetration test results, a recommendation to address security vulnerabilities in companies can be conducted."

"Dengan adanya perkembangan teknologi saat ini, banyak pihak memberikan layanan yang dapat dimanfaatkan untuk dapat mempermudah semua kegiatan. Salah satu media yang digunakan untuk berbagai tujuan yaitu website. Salah satu jenis website yaitu website e-learning. Website e learning akan akan menyimpan informasi sensitif seperti data penggunanya untuk dapat memberikan hak akses fasilitas terhadap website tersebut. Informasi sensitif inilah yang perlu diperhatikan dalam pengembangan suatu website agar terhindar dari serangan cyber. Salah satu serangan yang sering terjadi pada website yaitu sql injection, dimana serangan ini terjadi dalam bentuk pencurian atau bahkan memodifikasi informasi pribadi oleh pihak yang tidak berhubungan. Untuk mencegah terjadi serangan pada website maka perlu dilakukannya penetration testing. Penetration testing bertujuan untuk mencari kerentanan yang ada pada website agar dapat segera ditangani sebelum dimanfaatkan oleh pihak yang tidak bertanggung jawab. Terdapat beberapa tahapan yang dilakukan untuk mengidentifikasi kerentanan website yaitu reconnaissance, scanning, exploitation dan report. Pengujian dilakukan dengan menganalisis hasil yang didapatkan dari setiap tahapan penetration testing sehingga dapat diketahui kerentanan yang ada pada website. Dari kerentanan yang terdetaksi maka akan diketahui beberapa rekomendasi solusi untuk mengatasinya. Setiap tahapan penetration testing akan menggunakan beberapa tools pendukung. Selain itu juga dilakukan pengujian keamanan website dengan melakukan serangan sql injection dan xss attack.

---

With the current technological developments, many parties provide services that can be used to facilitate all activities. One of the media used for various purposes is the website. One type of website is an e-learning website. An e-learning website will store sensitive information such as user data to be able to grant facility access rights to the website. This sensitive information needs to be considered in developing a website to avoid cyber attacks. One of the attacks that often occurs on websites is sql injection, where this attack occurs in the form of stealing or even modifying personal information by unrelated parties. To prevent attacks on the website, it is necessary to do penetration testing. Penetration testing aims to find vulnerabilities on the website so that they can be addressed immediately before being exploited by irresponsible parties. There are several steps taken to identify website vulnerabilities, namely reconnaissance, scanning, exploitation and reports. Testing is carried out by analyzing the results obtained from each stage of penetration testing so that the vulnerabilities that exist on the website can be identified. From the detected vulnerabilities, several recommendations for solutions to overcome them will be identified. Each stage of penetration testing will use several supporting tools. Besides that, website security testing is also carried out by carrying out sql injection attacks and xss attacks."

"ABSTRAKJaringan nirkabel atau wireless adalah salah satu media atau sistem transmisi data yang menggunakan gelombang radio sebagai media transmisinya dan sebuah pengembangan dari jaringan komputer yang sebelumnya menggunakan kabel sebagai media penghubungnya. Nirkabel memanfaatkan udara/gelombang elektromagnetik sebagai media lalu lintas pertukaran data. Namun seiring perkembangannya, keamanan pada jaringan nirkabel ternyata cukup rentan, dan memberikan potensi yang cukup tinggi bagi para hacker. Keamanan jaringan mempunyai dampak yang besar bagi dunia terhadap penggunaannya, seluruh informasi dapat dikirimkan dan diterima tanpa menggunakan kabel. Jaringan nirkabel menyediakan semua fungsi yang sama seperti jaringan kabel tanpa adanya perangkat fisik. Tujuan utama dari studi ini ialah mendemonstrasikan dan menganalisis jenis variasi serangan yang dapat ditemui saat menggunakan jaringan nirkabel sekaligus mitigasi terhadap serangan yang terjadi. Jaringan nirkabel memiliki banyak celah dalam penggunaannya. Pada studi kali ini akan digunakan software yaitu Kali Linux 3.0 adalah open source yang digunakan untuk melakukan uji penetrasi. Uji penetrasi akan dilakukan menggunakan beberapa metode yang nantinya studi ini akan memeberikan edukasi kepada setiap orang agar lebih berhati-hati dalam mengakses jaringan nirkabel di rumah maupun tempat umum.

---

ABSTRACTWireless or wireless network is one media or data transmission system that uses radio waves as transmission media and is a development of a computer network that previously used the cable as a connector. Wireless utilize air electromagnetic waves as a medium of traffic exchange data. But over the development of security on wireless networks was quite vulnerable, and provide a high enough potential for hackers. Network security has a major impact on the world for its use, all information can be sent and received without the use of cables. Wireless networks provide all the same functions as cable networks in the absence of physical devices. The main purpose of this study is to demonstrate and analyze the types of attack variations that can be encountered when using wireless networks and also how to mitigate them. Wireless networks have many loopholes in its use. In this study will be used software that is Kali Linux 3.0 is open source used to do penetration test. The penetration test will be conducted using several methods that will provide education for everyone to be more careful in accessing wireless networks at home and public places. "

"Machine generated contents note: Chapter 0: Introduction Chapter 1: Introduction to Command Shell Scripting Chapter 2: Introduction to Python Chapter 3: Introduction to Perl Chapter 4: Introduction to Ruby Chapter 5: Introduction to Web Scripting with PHP Chapter 6: Manipulating Windows with PowerShell Chapter 7: Scanner Scripting Chapter 8: Information Gathering Chapter 9: Exploitation Scripting Chapter 10: Post-Exploitation Scripting Appendix: Subnetting and CIDR Addresses"

"Professional penetration testing walks you through the entire process of setting up and running a pen test lab. Penetration testing—the act of testing a computer network to find security vulnerabilities before they are maliciously exploited—is a crucial component of information security in any organization. With this book, you will find out how to turn hacking skills into a professional career. Chapters cover planning, metrics, and methodologies; the details of running a pen test, including identifying and verifying vulnerabilities; and archiving, reporting and management practices.Author Thomas Wilhelm has delivered penetration testing training to countless security professionals, and now through the pages of this book you can benefit from his years of experience as a professional penetration tester and educator. After reading this book, you will be able to create a personal penetration test lab that can deal with real-world vulnerability scenarios."

"Hacking and penetration testing with low power devices shows you how to perform penetration tests using small, low-powered devices that are easily hidden and may be battery-powered. It shows how to use an army of devices, costing less than you might spend on a laptop, from distances of a mile or more.Hacking and penetration testing with low power devices shows how to use devices running a version of The Deck, a full-featured penetration testing and forensics Linux distribution, and can run for days or weeks on batteries due to their low power consumption. Author Philip Polstra shows how to use various configurations, including a device the size of a deck of cards that can easily be attached to the back of a computer.While each device running The Deck is a full-featured pen-testing platform, connecting systems together via 802.15.3 networking gives you even more power and flexibility. This reference teaches you how to construct and power these devices, install operating systems, and fill out your toolbox of small low-power devices with hundreds of tools and scripts from the book's companion website. "

"Berkembang pesatnya teknologi informasi saat ini sejalan dengan berkembangnya aplikasi berbasis android dan website. Website umumnya digunakan sebagai media informasi dan komunikasi yang tentunya memiliki peran yang sangat penting. Namun, tidak menutup kemungkinan bahwa terdapat ancaman terkait dengan celah keamanan dari suatu website, baik kejahatan cyber, kebocoran data, pencurian data, dan merusak data maupun hanya ingin mengganggu system tersebut. Sebagai contoh pada website admin Digital Outlet yang merupakan pusat dari pengelolaan suatu website application. Dalam website admin tersebut telah tersimpan data dan informasi penting penggunanya yang bersifat sensitif. Maka, perlu adanya perhatian khusus terkait keamanan website tersebut. Pada penelitian ini akan dilakukan vulnerability assessment dan penetration testing pada situs website Digital Outlet menggunakan metode Information System Security Assessment Framework (ISSAF) dengan melakukan pengujian untuk mencari celah keamanan yang umum terjadi pada website tersebut, khususnya celah keamanan pada Broken Access Control, Cross Site Scripting (XSS), SQL Injection, dan sebagainya. Hasil dari penelitian analisis uji kerentanan yang diperoleh pada website Digital Outlet nantinya akan pergunakan untuk memperbaiki dan meningkatkan keamanan pada website tersebut serta menjadi salah satu referensi dalam memberikan rekomendasi terkait pengembangan framework Basic Development Framework (BDF) untuk management struktur rancang bangun suatu website yang baik dan aman. 

---

The rapid development of information technology is currently in line with the development of Android-based applications and website. Website are generally used as a medium of information and communication which of course has a very important role. However, it is possible that there are threats related to the security gaps of a website, both cyber crime, data leaks, data theft, and damage to data or just wanting to disrupt the system. For example, on the Digital Outlet admin website, which is the center of managing a website application. The admin website has stored important sensitive data and information on its users. So, there needs to be special attention regarding the security of the website. In this research, vulnerability assessment dan penetration testing will be carried out on the Digital Outlet website using the Information System Security Assessment Framework (ISSAF) method by conducting tests to find security holes that commonly occur on the website, especially security holes in Broken Access Control, Cross Site Scripting (XSS), SQL Injection, and so on. The results of the vulnerability test analysis research obtained on the Digital Outlet website will later be used to improve and increase security on the website and become a reference in providing recommendations related to the development of the Basic Development Framework (BDF) framework for the management structure of a good website design and build safe."

"Penetration testing is often considered an art as much as it is a science, but even an artist needs the right brushes to do the job well. Many commercial and open source tools exist for performing penetration testing, but it's often hard to ensure that you know what tools are available and which ones to use for a certain task. Through the next ten chapters, we'll be exploring the plethora of open source tools that are available to you as a penetration tester, how to use them, and in which situations they apply. Open source tools are pieces of software which are available with the source code so that the software can be modified and improved by other interested contributors. In most cases, this software comes with a license allowing for distribution of the modified software version with the requirement that the source code continue to be included with the distribution. In many cases, open source software becomes a community effort where dozens if not hundreds of people are actively contributing code and improvements to the software project. This type of project tends to result in a stronger and more valuable piece of software than what would often be developed by a single individual or small company. While commercial tools certainly exist in the penetration testing space, they're often expensive and, in some cases, too automated to be useful for all penetration testing scenarios. There are many common situations where the open source tools that we will be talking about fill a need better and (obviously) more cost effectively than any commercial tool. The tools that we will be discussing throughout this book are all open source and available for you to use in your work as a penetration tester."