Syifa Sabrina Anelia, . (2021) UJI PENETRASI SERVER UNIVERSITAS PQR MENGGUNAKAN METODE NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST SP 800-115). Skripsi thesis, Universitas Pembangunan Nasional Veteran Jakarta.
Text
ABSTRAK.pdf Download (144kB) |
|
Text
AWAL.pdf Download (945kB) |
|
Text
BAB 1.pdf Download (25kB) |
|
Text
BAB 2.pdf Restricted to Repository UPNVJ Only Download (243kB) |
|
Text
BAB 3.pdf Restricted to Repository UPNVJ Only Download (136kB) |
|
Text
BAB 4.pdf Restricted to Repository UPNVJ Only Download (2MB) |
|
Text
BAB 5.pdf Download (15kB) |
|
Text
DAFTAR PUSTAKA.pdf Download (149kB) |
|
Text
RIWAYAT HIDUP.pdf Restricted to Repository UPNVJ Only Download (97kB) |
|
Text
LAMPIRAN.pdf Restricted to Repository UPNVJ Only Download (1MB) |
|
Text
ARTIKEL KI.pdf Restricted to Repository staff only Download (1MB) |
Abstract
Security threats in the form of cyber attacks have occurred in several universities, schools, and even hospitals. Important data located on an organization's servers can be hacked and accessed by unauthorized persons. One way to avoid hacking is to close any security holes that the system might have. Before closing the security gap, of course, we must know the existing security holes by doing tests like hackers do, but with an approved procedure. In this study, penetration testing was carried out to test vulnerabilities and find weaknesses that exist on the PQR University’s server that stores student personal data. The penetration test conducted in this study uses the National Institute of Standards and Technology (NIST SP 800-115) method which consists of 4 testing phases, namely the planning phase, discovery phase, attack phase, and reporting phase. The results obtained in this study are the discovery of 13 vulnerabilities that can be exploited with details of 2 vulnerabilities including critical categories, namely Default Credentials and PHP Unsupported Version Detection, 3 vulnerabilities including high categories, namely SSL Version 2 and 3 Protocol Detection, PHP < 7.3.24 Multiple Vulnerabilities , SSL Medium Strength Cipher Suites Supported (SWEET32), 8 vulnerabilities including medium categories namely SSL Certificate Cannot Be Trusted, SSL Self-Signed Certificate, TLS Version 1.0 Protocol Detection, PHPinfo() Information Disclosure, Unencrypted Password Form, HTTP TRACE / TRACK Methods Allowed, SSL Certificate Expiry, SSL RC4 Cipher Suites Supported (Bar Mitzvah), and 1 vulnerability is a false positive that is PHP < 7.1.33 / 7.2.x < 7.2.24 / 7.3.x < 7.3.11 Remote Code Execution Vulnerability.
Item Type: | Thesis (Skripsi) |
---|---|
Additional Information: | [No. Panggil: 1710511076], [Pembimbing 1: Jayanta], [Pembimbing 2: Bayu Hananto], [Penguji 1: Henki Bayu Seta], [Penguji 2: I Wayan Widi Pradnyana] |
Uncontrolled Keywords: | Penetration Testing, NIST SP 800-115, Data Security |
Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science |
Divisions: | Fakultas Ilmu Komputer > Program Studi Informatika (S1) |
Depositing User: | Syifa Sabrina Anelia |
Date Deposited: | 21 Dec 2021 07:43 |
Last Modified: | 21 Dec 2021 07:43 |
URI: | http://repository.upnvj.ac.id/id/eprint/11236 |
Actions (login required)
View Item |