PENERAPAN TEKNIK PENETRATION TESTING TERHADAP CROSS SITE SCRIPTING (XSS) DALAM PENGEMBANGAN WEBSITE
:
Abstract
The increasing use of websites in various aspects of daily life has led to an urgent need to ensure the security of the information presented. One of the significant threats in website security is Cross-Site Scripting (XSS), where an attacker inserts malicious code into a web page to be executed by the user. This research aims to apply penetration testing techniques as a method to detect and resolve XSS vulnerabilities in website development. The research was conducted through three stages: installation of software to support penetration testing, execution of penetration testing using OWASP ZAP to identify vulnerabilities, and evaluation and implementation of solutions to address the vulnerabilities found. The results show that the implementation of the htmlspecialchars function in PHP is effective in preventing the execution of malicious scripts, thereby reducing the risk of XSS attacks. In addition, penetration testing techniques proved to be an effective method in identifying and mitigating security risks in web applications. Thus, this research emphasizes the importance of thorough security testing and implementation of appropriate preventive measures to maintain the integrity and user trust of web applications.
Downloads
References
S. Parulian, D. A. Pratiwi, and M. Cahya Yustina, “Ancaman dan Solusi Serangan Siber di Indonesia.” [Online]. Available: http://ejournal.upi.edu/index.php/TELNECT/
I. B. I. Dewangkara, K. S. Santi, V. A. Putri, and I. M. E. Listartha, “Penerapan Analisis Kerentanan XSS dan Rate Limiting pada Situs Web MTsN 3 Negara Menggunakan OWASP ZAP.” [Online]. Available: https://www.zaproxy.org/download/.
I. Rochmawati, “Analisis User Interface Situs Web Iwearup.Com,” 2019. [Online]. Available: www.iwearup.com
A. Sultan Hakim, T. Adi Cahyanto, and H. Azizah, “Serangan Cross-Site Scripting (Xss) Berdasarkan Base Metric CVSS V.2.”
S. Suroto and A. Asman, “Ancaman Terhadap Keamanan Informasi Oleh Serangan Cross-Site Scripting (XSS) Dan Metode Pencegahannya,” 2021. [Online]. Available: http://www.hackers.com?yid=
P. Negeri, K. / Jurusan, T. Elektro, T. Komputer, and D. Jaringan, “Analisis Cross-Site Scripting (Xss) Injection-Reflected Xss And Stored Xss Mengggunakan Framework OWASP 10 Indah O. Laleb”, [Online]. Available: http://attack.com/page.php?something=someth
I. Y. Prabhaswara, I. Made, A. D. Suarjaya, N. Kadek, and D. Rusjayanthi, “Pengembangan Engine Web Crawler Sebagai Pencari Jejak Serangan Cyber Stored Cross-Site Scripting,” 2023.
M. I. Hany, A. Bhawiyuga, and A. Kusyanti, “Implementasi Cross Site Scripting Vulnerability Assessment Tools berdasarkan OWASP Code Review,” 2021. [Online]. Available: http://j-ptiik.ub.ac.id
A. Hidayat, Y. Samudra, P. Lely, and P. Andriyanto, “AMMA : Jurnal Pengabdian Masyarakat Sosialisasi Pengenalan Pentingnya Cyber Security Bagi Siswa Untuk Membangun Keamanan Informasi Dalam Era Digital,” vol. 2, no. 5, 2023.
E. Novianto et al., “Some rights reserved BY-NC-SA 4.0 International License Keamanan Informasi (Information Security) Pada Aplikasi Sistem Informasi Manajemen Sumber Daya Manusia 1),” vol. 8, no. 1, pp. 10–15, 2023, doi: 10.36341/rabit.vx8i1.2966.
E. W. Tyas Darmaningrat et al., “Sosialisasi Bahaya dan Upaya Pencegahan Social Engineering untuk Meningkatkan Kesadaran Masyarakat tentang Keamanan Informasi,” Sewagati, vol. 6, no. 2, Feb. 2022, doi: 10.12962/j26139960.v6i2.92.
M. A. Z. Risky and Y. Yuhandri, “Optimalisasi dalam Penetrasi Testing Keamanan Website Menggunakan Teknik SQL Injection dan XSS,” Jurnal Sistim Informasi dan Teknologi, pp. 215–220, Aug. 2021, doi: 10.37034/jsisfotek.v3i4.68.
S. Hidayatulloh and D. Saptadiaji, “Penetration Testing pada Website Universitas ARS Menggunakan Open Web Application Security Project (OWASP).” [Online]. Available: http://jurnal.itg.ac.id/
M. Rozali and M. Dayan Sinaga, “Diagnosis Keamanan Web Menggunakan Metode Uji Penetrasi Website Sekolah Web Security Diagnosis Using School Website Penetration Test Method,” 2024, [Online]. Available: http://kti.potensi-utama.ac.id/index.php/JID
D. F. Priambodo, A. D. Rifansyah, and M. Hasbi, “Penetration Testing Web XYZ Berdasarkan OWASP Risk Rating,” Teknika, vol. 12, no. 1, pp. 33–46, Feb. 2023, doi: 10.34148/teknika.v12i1.571.
A. Elanda and R. Lintang Buana, “Analisis Kualitas Keamanan Sistem Informasi E-Office Berbasis Website Pada Stmik Rosma Dengan Menggunakan OWASP TOP 10,” 2021.
K. Nisa, A. Putra, R. A. Siregar, and M. Dedi Irawan, “Bulletin of Information Technology (BIT) Analisis Website Tapanuli Tengah Menggunakan Metode Open Web Application Security Project Zap (Owasp Zap),” vol. 3, no. 4, pp. 308–316, 2022, doi: 10.47065/bit.v3i1.
I. Riadi, R. Umar, T. Lestari, S. Informasi, and U. Ahmad Dahlan, “Analisis Kerentanan Serangan Cross Site Scripting (XSS) pada Aplikasi Smart Payment Menggunakan Framework OWASP,” 2020.
D. E. Narhudin, B. Irawan, and A. Bahtiar, “Evaluasi Keamanan Website Menggunakan Metode Owasp: Penilaian Terhadap Serangan Injeksi Sql Dan Cross-Site Scripting (XSS),” 2024. [Online]. Available: https://rachmagroup.co.id
A. Wira Utama and A. Senja Fitrani, “Techniques For Testing Website Security Using The Escaping Metacharacter Method Teknik Menguji Keamanan Website Dengan Menggunakan Metode Escaping Metacharacter,” 2022.
Copyright (c) 2024 Rabit : Jurnal Teknologi dan Sistem Informasi Univrab
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Copyright Notice
The copyright of the received article shall be assigned to the publisher of the journal. The intended copyright includes the right to publish the article in various forms (including reprints). The journal maintains the publishing rights to published articles. Therefore, the author must submit a statement of the Copyright Transfer Agreement.*)
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
In line with the license, authors and any users (readers and other researchers) are allowed to share and adapt the material only for non-commercial purposes. In addition, the material must be given appropriate credit, provided with a link to the license, and indicated if changes were made. If authors remix, transform or build upon the material, authors must distribute their contributions under the same license as the original.
Please find the rights and licenses in RABIT : Jurnal Teknologi dan Sistem Informasi Univrab. By submitting the article/manuscript of the article, the author(s) accept this policy.
1. License
The non-commercial use of the article will be governed by the Creative Commons Attribution license as currently displayed on Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
2. Author’s Warranties
The author warrants that the article is original, written by stated author(s), has not been published before, contains no unlawful statements, does not infringe the rights of others, is subject to copyright that is vested exclusively in the author and free of any third party rights, and that any necessary written permissions to quote from other sources have been obtained by the author(s).
3. User Rights
RABIT's spirit is to disseminate articles published are as free as possible. Under the Creative Commons license, RABIT permits users to copy, distribute, display, and perform the work for non-commercial purposes only. Users will also need to attribute authors and RABIT on distributing works in the journal.
4. Rights of Authors
Authors retain all their rights to the published works, such as (but not limited to) the following rights;
- Copyright and other proprietary rights relating to the article, such as patent rights,
- The right to use the substance of the article in own future works, including lectures and books,
- The right to reproduce the article for own purposes,
- The right to self-archive the article,
- The right to enter into separate, additional contractual arrangements for the non-exclusive distribution of the article's published version (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal (RABIT : Jurnal Teknologi dan Sistem Informasi Univrab).
5. Co-Authorship
If the article was jointly prepared by other authors, any authors submitting the manuscript warrants that he/she has been authorized by all co-authors to be agreed on this copyright and license notice (agreement) on their behalf, and agrees to inform his/her co-authors of the terms of this policy. RABIT will not be held liable for anything that may arise due to the author(s) internal dispute. RABIT will only communicate with the corresponding author.
6. Royalties
This agreement entitles the author to no royalties or other fees. To such extent as legally permissible, the author waives his or her right to collect royalties relative to the article in respect of any use of the article by RABIT.
7. Miscellaneous
RABIT will publish the article (or have it published) in the journal if the article’s editorial process is successfully completed. RABIT's editors may modify the article to a style of punctuation, spelling, capitalization, referencing and usage that deems appropriate. The author acknowledges that the article may be published so that it will be publicly accessible and such access will be free of charge for the readers as mentioned in point 3.
PDF (Bahasa Indonesia)
Abstract views: 38
downloads: 28
