VULNERABILITY ANALYSIS OF THE PT. PITJARUS WEBSITE USING THREE SCANNING TOOLS AND BLACK-BOX PENETRATION TESTING BASED ON THE OWASP TOP 10

Chattelin (2026) ANALISIS KERENTANAN WEBSITE PT. PITJARUS DENGAN TIGA TOOLS SCANNING DAN PENETRATION TESTING BLACK BOX BERDASARKAN OWASP TOP 10. Undergraduate thesis (Skripsi), Universitas Pembangunan Nasional Veteran Jakarta.

ABSTRAK.pdf (125kB)
AWAL.pdf (2MB)
BAB 1.pdf (148kB) [Restricted to Repository UPNVJ Only]
BAB 2.pdf (3MB) [Restricted to Repository UPNVJ Only]
BAB 3.pdf (489kB) [Restricted to Repository UPNVJ Only]
BAB 4.pdf (21MB) [Restricted to Repository UPNVJ Only]
BAB 5.pdf (141kB)
DAFTAR PUSTAKA.pdf (159kB)
LAMPIRAN.pdf (22MB) [Restricted to Repository UPNVJ Only]
RIWAYAT HIDUP.pdf (309kB) [Restricted to Repository UPNVJ Only]
HASIL PLAGIARISME.pdf (25MB) [Restricted to Repository staff only]
ARTIKEL KI.pdf (1MB) [Restricted to Repository staff only]

Abstract

The use of websites as core business platforms increases the potential risk of cyber threats to organizational data and information systems. This study aims to assess security vulnerabilities on the PT. Pitjarus website through penetration testing using a black-box approach, guided by the NIST SP 800-115 standard and the OWASP Top 10 2021 framework. The research was conducted through four stages: planning, discovery, attack, and reporting. During the discovery phase, Nslookup and Nmap identified that the target domain is protected by the Cloudflare reverse proxy service, which masks the origin server’s IP address. In addition, scanning with OWASP ZAP detected nine initial indicators of vulnerabilities at the application layer, including potential SQL Injection and Cross-Site Scripting (XSS), classified under the A03: Injection category in the OWASP Top 10 2021. These findings directed the execution of targeted testing in the attack phase, which confirmed two primary vulnerabilities: SQL Injection in the authentication feature and XSS in the task creation feature. Based on CVSS v3.1 scoring, SQL Injection received a score of 7.5 (High), while XSS received a score of 3.9 (Low). The findings demonstrate that reverse proxy protection alone is insufficient to mitigate attacks at the application layer. Accordingly, this study recommends implementing parameterized queries, enforcing server-side input validation and sanitization, and applying the principle of least privilege in database management to further enhance the security posture of the PT. Pitjarus website.

Item Type: Thesis (Skripsi)
Additional Information: [Call No.: 2110314042] [Supervisor 1: Silvia Anggraeni] [Supervisor 2: Muhamad Alif Razi] [Examiner 1: Ayu Mika Sherila] [Examiner 2: Subekti Ari Santoso]
Uncontrolled Keywords: Penetration Testing, Black Box, NIST SP 800-115, OWASP Top 10, Website Security
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: Fakultas Teknik > Program Studi Teknik Elektro (S1)
Depositing User: CHATTELIN
Date Deposited: 13 Mar 2026 05:50
Last Modified: 13 Mar 2026 05:50
URI: http://repository.upnvj.ac.id/id/eprint/49288
