SECURITY VULNERABILITY TESTING OF THE APOTEK XYZ WEBSITE APPLICATION USING OWASP (Open Website Application Security Project)

Aldio Rasyid (2024) SECURITY VULNERABILITY TESTING OF THE APOTEK XYZ WEBSITE APPLICATION USING OWASP (Open Website Application Security Project). Undergraduate thesis (Skripsi), Universitas Pembangunan Nasional Veteran Jakarta.

Files (PDF):
ABSTRAK.pdf (66kB)
AWAL.pdf (358kB)
BAB 1.pdf (58kB), restricted to Repository UPNVJ only
BAB 2.pdf (356kB), restricted to Repository UPNVJ only
BAB 3.pdf (197kB), restricted to Repository UPNVJ only
BAB 4.pdf (3MB), restricted to Repository UPNVJ only
BAB 5.pdf (114kB)
DAFTAR PUSTAKA.pdf (118kB)
RIWAYAT HIDUP.pdf (48kB), restricted to Repository UPNVJ only
LAMPIRAN.pdf (1MB), restricted to Repository UPNVJ only
HASIL PLAGIARISME.pdf (1MB), restricted to Repository staff only
ARTIKEL KI.pdf (381kB), restricted to Repository staff only

Abstract

As technology advances, the security of web applications has become an increasingly crucial issue. Websites have become a primary means of communication and transactions in the digital era, but this growth also brings increased security risk: a vulnerable web application can lead to data theft, loss of user privacy, or serious business consequences. Vulnerability testing of web applications is therefore an essential step in protecting against such threats. This study focuses on the Apotek XYZ website, identifying and analyzing its security vulnerabilities using the OWASP Top 10 guidelines. The research was carried out in three main stages: information gathering, scanning, and testing. The information gathering stage used tools such as Netcraft, Subfinder, Whois, Httprint, Whatweb, and Nmap to collect data on IP addresses, subdomains, hosting, server software, HTTP headers, and open ports. In the scanning stage, OWASP ZAP identified eight security vulnerabilities: five medium-risk and three low-risk. Penetration testing then confirmed a total of 8 security vulnerabilities mapped to OWASP Top 10 categories, each with a calculated risk severity. Among these findings, one high-risk vulnerability, Parameter Tampering, stood out as a significant threat. The study concludes by summarizing the security vulnerabilities found on the Apotek XYZ website and providing practical recommendations to fix them and strengthen the application's security.
The recommendations for improving the security of the Apotek XYZ website are: implementing server-side validation before granting user access; configuring cookies with the HttpOnly flag and the SameSite attribute; using parameterized queries to prevent SQL Injection; enforcing strong authorization checks and protecting against URL manipulation; adding the X-Frame-Options header to prevent clickjacking; configuring error handling so that sensitive information is not exposed; removing the X-Powered-By header to avoid disclosing server information; regularly updating JavaScript libraries; including a csrf_token in forms so they are protected automatically; and implementing the Content-Security-Policy header to restrict the resource types the browser may load. Implementing these recommendations is expected to improve the security and reliability of the Apotek XYZ website against cyber attacks.

Item Type: Thesis (Skripsi)
Additional Information: [Call number: 1910511008] [Supervisor: Henki Bayu Seta] [Examiner 1: Widya Cholil] [Examiner 2: Rio Wirawan]
Uncontrolled Keywords: Website, Penetration Testing, OWASP, OWASP Top 10
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Q Science > QA Mathematics > QA76 Computer software
Divisions: Faculty of Computer Science > Informatics Study Program (S1)
Depositing User: ALDIO RASYID
Date Deposited: 23 Sep 2024 06:48
Last Modified: 30 Sep 2024 03:31
URI: http://repository.upnvj.ac.id/id/eprint/31784
