IPB University Logo

SCIENTIFIC REPOSITORY

IPB University Scientific Repository collects, disseminates, and provides persistent and reliable access to the research and scholarship of faculty, staff, and students at IPB University

AI Repository
 
Building and Categories


      View Item 
      •   IPB Repository
      • Final Assignments
      • Undergraduate Final Assignments
      • UF - School of Data Science, Mathematic and Informatics
      • UF - Computer Science
      • View Item
      •   IPB Repository
      • Final Assignments
      • Undergraduate Final Assignments
      • UF - School of Data Science, Mathematic and Informatics
      • UF - Computer Science
      • View Item
      JavaScript is disabled for your browser. Some features of this site may not work without it.

      Pengujian Penetrasi Aplikasi Web XXX dan YYY Menggunakan Metodologi OWASP Web Application Security Testing

      Thumbnail
      View/Open
      Cover (420.5Kb)
      Fulltext (811.6Kb)
      Lampiran (465.9Kb)
      Date
      2026
      Author
      ZAHRAN, MUHAMMAD
      Wahjuni, Sri
      Mushthofa
      Metadata
      Show full item record
      Abstract
      Seiring dengan banyaknya bisnis yang menggunakan internet untuk menawarkan produk dan layanan mereka, aplikasi berbasis web telah menjadi tulang punggung masyarakat digital modern kita. Namun, ketergantungan terhadap aplikasi web menarik perhatian dari pelaku jahat untuk menyelinap ke dalam sistem demi keuntungan pribadi. Pada tahun 2024, aplikasi web menjadi vektor aksi kebocoran data yang paling banyak digunakan oleh penyerang. Penelitian ini bertujuan untuk mengidentifikasi dan menganalisis kerentanan pada aplikasi XXX dan YYY, yang merupakan sistem informasi penting di lingkungan suatu perguruan tinggi. Pendekatan yang digunakan adalah pengujian penetrasi dengan metode OWASP Web Application Security Testing (WAST) berdasarkan panduan OWASP Web Security Testing Guide (WSTG). Hasil pengujian menunjukkan adanya kelemahan mendasar pada manajemen identitas dan kontrol akses, yang memungkinkan manipulasi role pengguna menjadi admin, serta inkonsistensi dalam implementasi role-based access control. Kerentanan XSS tersimpan memperparah keadaan karena memperluas permukaan serangan dengan lebih memungkinkan seorang pengguna biasa mendapatkan identitas pengguna lain sehingga dapat melakukan aksi di luar wewenangnya. Dan di luar kelemahan-kelemahan mendasar tersebut, ditemukan kerentanan yang paling fatal, yaitu kerentanan tingkat kritikal berupa remote command execution yang memungkinkan seorang pengguna mengambil alih server sepenuhnya.
       
      As more businesses rely on the internet to offer their products and services, web-based applications have become the backbone of modern digital society. However, this dependence on web applications has also attracted malicious actors seeking to infiltrate systems for personal gain. In 2024, web applications became the most commonly exploited vector in data breach incidents. This study aims to identify and analyze vulnerabilities in the XXX dan YYY applications, which are critical information system within a higher education institution. The approach used in this research is penetration testing based on the OWASP Web Application Security Testing (WAST) methodology from the OWASP Web Security Testing Guide (WSTG). The testing results revealed fundamental weaknesses in identity management and access control, allowing users to manipulate their roles into administrator privileges, as well as inconsistencies in the implementation of role-based access control. Stored XSS vulnerabilities further worsen the situation by expanding the attack surface, enabling ordinary users to obtain other users' identities and perform actions beyond their authorized privileges. Beyond these fundamental weaknesses, the most severe finding was a critical remote command execution vulnerability that allowed a user to fully compromise the server.
       
      URI
      http://repository.ipb.ac.id/handle/123456789/174078
      Collections
      • UF - Computer Science [106]

      Copyright © 2020 Library of IPB University
      All rights reserved
      Contact Us | Send Feedback
      Indonesia DSpace Group 
      IPB University Scientific Repository
      UIN Syarif Hidayatullah Institutional Repository
      Universitas Jember Digital Repository
        

       

      Browse

      All of IPB RepositoryCollectionsBy Issue DateAuthorsTitlesSubjectsThis CollectionBy Issue DateAuthorsTitlesSubjects

      My Account

      Login

      Application

      google store

      Copyright © 2020 Library of IPB University
      All rights reserved
      Contact Us | Send Feedback
      Indonesia DSpace Group 
      IPB University Scientific Repository
      UIN Syarif Hidayatullah Institutional Repository
      Universitas Jember Digital Repository