Search Results

Found 3 documents matching the query
Taufik Akbar
Abstract:
Based on the Indonesian Cybersecurity Landscape 2022, BSSN reported 4,421,992 APT activities and 2,348 web defacement cases in Indonesia that year. Attacks aimed at web applications focus on application weaknesses, called security flaws or gaps. As a result, it is important to conduct an analysis and evaluation of the research organization's website domain. The method used is descriptive analysis, in which the data obtained is presented in descriptive sentences, giving clarity to the results of the analysis performed. The Information Security Index (KAMI Index) serves as a tool to assess the readiness of data security implementation; a series of questions relating to various aspects is used to conduct the evaluation. OWASP ZAP, as a vulnerability scanning tool, is then used to identify the level of possible vulnerabilities in web-based applications. This study analyzes and evaluates the xyz.go.id domain and subdomains found in the research organization. The first step is collecting target data, followed by measurement and testing using the KAMI Index in the Electronic Systems category. The next step is vulnerability scanning testing on the target domain with the OWASP ZAP application. DNSDumpster result data is used, and several xyz.go.id website domains are taken as research targets for vulnerability scanning. The results of the KAMI Index assessment show that 4 subdomains are considered to be in the high category. Based on vulnerability scanning testing, the xyz.go.id website domain has vulnerabilities with 15 warnings in the low category, 32 warnings in the medium category, 4 warnings in the high category, and 20 warnings in the informational category. From the test results, it can be proven that detection with vulnerability scanning on OWASP ZAP is very effective, even though this is an open source tool, so there is no need to use paid tools.
Depok: Fakultas Teknik Universitas Indonesia, 2023
T-pdf
UI - Tesis Membership  Universitas Indonesia Library
Zana Niswah Awahita
Abstract:
The increasing use of the internet for a wide range of purposes, including business, has led to a significant growth in the amount of data stored and exposed online. However, this increase in data is not matched by an awareness of the importance of its confidentiality and security. This situation creates the potential for cybercrime, which can cause substantial harm, including damage to the reputation of a company or organization and financial losses. Therefore, this research aims to identify vulnerabilities in a web application used as an asset tracking and monitoring system. The study employs a penetration testing approach using the OWASP (Open Worldwide Application Security Project) framework. This framework focuses on web application security, making it suitable for the research's testing targets. The study involves information gathering and three testing methods from the OWASP WSTG: authentication testing, authorization testing, and input validation testing, using a total of eight selected testing methods. The penetration testing results revealed four exploitable vulnerabilities. These vulnerabilities were analyzed using the OWASP Risk Rating Methodology, resulting in a final likelihood score of 6.5 (HIGH) and an impact score of 3.21 (MEDIUM). These results indicate that the overall risk severity of the tested web application has a high level of vulnerability.
Depok: Fakultas Teknik Universitas Indonesia, 2024
S-pdf
UI - Skripsi Membership  Universitas Indonesia Library
Abstract:
The basics of web hacking introduces you to a tool-driven process to identify the most widespread vulnerabilities in Web applications. No prior experience is needed. Web apps are a "path of least resistance" that can be exploited to cause the most damage to a system, with the lowest hurdles to overcome. This is a perfect storm for beginning hackers. The process set forth in this book introduces not only the theory and practical information related to these vulnerabilities, but also the detailed configuration and usage of widely available tools necessary to exploit these vulnerabilities. The basics of web hacking provides a simple and clean explanation of how to utilize tools such as Burp Suite, sqlmap, and Zed Attack Proxy (ZAP), as well as basic network scanning tools such as nmap, Nikto, Nessus, Metasploit, John the Ripper, web shells, netcat, and more. Dr. Josh Pauli teaches software security at Dakota State University and has presented on this topic to the U.S. Department of Homeland Security, the NSA, BlackHat Briefings, and Defcon. He will lead you through a focused, three-part approach to Web security, including hacking the server, hacking the Web app, and hacking the Web user. With Dr. Pauli’s approach, you will fully understand the what/where/why/how of the most widespread Web vulnerabilities and how easily they can be exploited with the correct tools. You will learn how to set up a safe environment to conduct these attacks, including an attacker Virtual Machine (VM) with all necessary tools and several known-vulnerable Web application VMs that are widely available and maintained for this very purpose.
Waltham, MA: Syngress, 2013
e20427748
eBooks  Universitas Indonesia Library