UJI PENETRASI SERVER UNIVERSITAS PQR MENGGUNAKAN METODE NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST SP 800-115)

Syifa Sabrina Anelia, . (2021) UJI PENETRASI SERVER UNIVERSITAS PQR MENGGUNAKAN METODE NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST SP 800-115). Skripsi thesis, Universitas Pembangunan Nasional Veteran Jakarta.

[img] Text
ABSTRAK.pdf
Download (144kB)
[img] Text
AWAL.pdf
Download (945kB)
[img] Text
BAB 1.pdf
Download (25kB)
[img] Text
BAB 2.pdf
Restricted to Repository UPNVJ Only
Download (243kB)
[img] Text
BAB 3.pdf
Restricted to Repository UPNVJ Only
Download (136kB)
[img] Text
BAB 4.pdf
Restricted to Repository UPNVJ Only
Download (2MB)
[img] Text
BAB 5.pdf
Download (15kB)
[img] Text
DAFTAR PUSTAKA.pdf
Download (149kB)
[img] Text
RIWAYAT HIDUP.pdf
Restricted to Repository UPNVJ Only
Download (97kB)
[img] Text
LAMPIRAN.pdf
Restricted to Repository UPNVJ Only
Download (1MB)
[img] Text
ARTIKEL KI.pdf
Restricted to Repository staff only
Download (1MB)

Abstract

Security threats in the form of cyber attacks have occurred in several universities, schools, and even hospitals. Important data located on an organization's servers can be hacked and accessed by unauthorized persons. One way to avoid hacking is to close any security holes that the system might have. Before closing the security gap, of course, we must know the existing security holes by doing tests like hackers do, but with an approved procedure. In this study, penetration testing was carried out to test vulnerabilities and find weaknesses that exist on the PQR University’s server that stores student personal data. The penetration test conducted in this study uses the National Institute of Standards and Technology (NIST SP 800-115) method which consists of 4 testing phases, namely the planning phase, discovery phase, attack phase, and reporting phase. The results obtained in this study are the discovery of 13 vulnerabilities that can be exploited with details of 2 vulnerabilities including critical categories, namely Default Credentials and PHP Unsupported Version Detection, 3 vulnerabilities including high categories, namely SSL Version 2 and 3 Protocol Detection, PHP < 7.3.24 Multiple Vulnerabilities , SSL Medium Strength Cipher Suites Supported (SWEET32), 8 vulnerabilities including medium categories namely SSL Certificate Cannot Be Trusted, SSL Self-Signed Certificate, TLS Version 1.0 Protocol Detection, PHPinfo() Information Disclosure, Unencrypted Password Form, HTTP TRACE / TRACK Methods Allowed, SSL Certificate Expiry, SSL RC4 Cipher Suites Supported (Bar Mitzvah), and 1 vulnerability is a false positive that is PHP < 7.1.33 / 7.2.x < 7.2.24 / 7.3.x < 7.3.11 Remote Code Execution Vulnerability.

Item Type: Thesis (Skripsi)
Additional Information: [No. Panggil: 1710511076], [Pembimbing 1: Jayanta], [Pembimbing 2: Bayu Hananto], [Penguji 1: Henki Bayu Seta], [Penguji 2: I Wayan Widi Pradnyana]
Uncontrolled Keywords: Penetration Testing, NIST SP 800-115, Data Security
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: Fakultas Ilmu Komputer > Program Studi Informatika (S1)
Depositing User: Syifa Sabrina Anelia
Date Deposited: 21 Dec 2021 07:43
Last Modified: 21 Dec 2021 07:43
URI: http://repository.upnvj.ac.id/id/eprint/11236

Actions (login required)

View Item View Item