The Security Gap Analysis of the Sorong Ministry of Health Polytechnic Website Using the Penetration Testing Method
##plugins.themes.bootstrap3.article.main##
Abstract
Currently, information technology is very necessary, in the digital era cybersecurity is one of the main factors for an institution to survive and be recognized for its credibility, including educational institutions, the Poltekkes Sorong Website is used as the main portal or media to disseminate academic information, interaction between students and the public, However, the existence of security gaps is something that allows cyber attacks to be carried out which can endanger data confidentiality. This study aims to analyze the security gaps in the Poltekkes Kemenkes Sorong website, the testing carried out using the penetration testing method which has several stages including collecting scanning information, vulnerability analysis. So that this study can provide guidance and practice for information system managers at Poltekkes Kemenkes Sorong to reduce the risk of cyber attacks and protect sensitive data held by the institution.
##plugins.themes.bootstrap3.article.details##
Section
Articles
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
The writer agreed that the article copyright by Smatika journal and the writer has the right to disseminate the paper published without permission in advance.
References
[1] A. Alanda, D. Satria, M. I. Ardhana, A. A. Dahlan, and H. A. Mooduto, “Web application penetration testing using sql injection attack,” International Journal on Informatics Visualization, vol. 5, no. 3, pp. 320–326, 2021, doi: 10.30630/joiv.5.3.470.
[2] S. Alazmi and D. C. De Leon, “A Systematic Literature Review on the Characteristics and Effectiveness of Web Application Vulnerability Scanners,” IEEE Access, vol. 10, pp. 33200–33219, 2022, doi: 10.1109/ACCESS.2022.3161522.
[3] M. Aurangzeb et al., “Enhancing cybersecurity in smart grids: Deep black box adversarial attacks and quantum voting ensemble models for blockchain privacy-preserving storage,” Energy Reports, vol. 11, no. August 2023, pp. 2493–2515, 2024, doi: 10.1016/j.egyr.2024.02.010.
[4] M. H. Romadhon and Y. Yudhistira, “Sistem Informasi Rental Mobil Berbsasis Android Dan Website Menggunakan Framework Codeigniter 3 Studi Kasus : CV Kopja Mandiri,” vol. 2, no. 1, pp. 30–36, 2021.
[5] A. Kusumaningrum, H. Wijayanto, and B. D. Raharja, “Pengukuran Tingkat Kesadaran Keamanan Siber di Kalangan Mahasiswa saat Study From Home dengan Multiple Criteria Decision Analysis ( MCDA ),” no. 1, pp. 69–78, 2022.
[6] L. Kestina and G. W. Nurcahyo, “Penanganan Celah Keamanan Website dengan Ethical Hacking dan Issaf Menggunakan Acunetix Vulnerability ( Studi Kasus di Bkpsdmd Kabupaten Kerinci ),” vol. 3, pp. 9192–9203, 2023.
[7] A. Bastian, H. Sujadi, and L. Abror, “ANALISIS KEAMANAN APLIKASI DATA POKOK PENDIDIKAN ( DAPODIK ) MENGGUNAKAN PENETRATION TESTING DAN SQL INJECTION,” pp. 65–70, 2017.
[8] Andria, “Analisis Celah Keamanan Website Menggunakan Tools WEBPWN3R di Kali Linux,” Generation Journal, vol. 4, no. 2, pp. 69–76, 2020.
[9] Fikriyadi, Ritzkal, and B. A. Prakosa, “Security Analysis of Wireless Local Area Network (WLAN) Network with the Penetration Testing Method,” Jurnal Mantik, vol. 4, no. 3, pp. 1658–1662, 2020.
[10] S. Hidayatulloh and D. Saptadiaji, “Penetration Testing pada Website Universitas ARS Menggunakan Open Web Application Security Project (OWASP),” Jurnal Algoritma, vol. 18, no. 1, pp. 77–86, 2021, doi: 10.33364/algoritma/v.18-1.827.
[11] Y. A. Pohan, Yuhandri Yunus, and Sumijan, “Meningkatkan Keamanan Webserver Aplikasi Pelaporan Pajak Daerah Menggunakan Metode Penetration Testing Execution Standar,” Jurnal Sistim Informasi dan Teknologi, vol. 3, pp. 1–6, 2021, doi: 10.37034/jsisfotek.v3i1.36.
[12] H. Alfidzar and B. Parga Zen, “Implementasi HoneyPy Dengan Malicious Traffic Detection System (Maltrail) Guna Mendeteksi Serangan DOS Pada Server,” Journal of Informatics, Information System, Software Engineering and Applications, vol. 4, no. 2, pp. 32–045, 2022.
[13] F. Setyawan, Rasyidah, and H. Amnur, “Keamanan Jaringan Wireless Dengan Kali Linux,” JITSI : Jurnal Ilmiah Teknologi Sistem Informasi, vol. 3, no. 1, pp. 16–22, 2022, doi: 10.30630/jitsi.3.1.57.
[14] A. Wahid, I. Juliady, S. G. Zain, and J. M. Parenreng, “Secure Wireless Sensor Network using Cryptography for Smart Farming Systems,” Internet of Things and Artificial Intelligence Journal, vol. 2, no. 4, pp. 248–262, 2022, doi: 10.31763/iota.v2i4.554.
[15] R. Hermawan, “Teknik Uji Penetrasi Web Server Menggunakan SQL Injection dengan SQLmap di Kalilinux,” STRING (Satuan Tulisan Riset dan Inovasi Teknologi), vol. 6, no. 2, p. 210, 2021, doi: 10.30998/string.v6i2.11477.
[16] L. A. Nugraha, I. A. Kautsar, and A. S. Fitrani, “SQL Injection: Analisis Efektivitas Uji Penetrasi dalam Aplikasi Web,” Smatika Jurnal, vol. 14, no. 01, pp. 111–123, 2024, doi: 10.32664/smatika.v14i01.1224.
[17] M. Zidane, “Klasifikasi Serangan Distributed Denial-of-Service ( DDoS ) menggunakan Metode Data Mining Naïve Bayes,” vol. 6, no. 1, pp. 172–180, 2022.
[18] U. Kristen Satya Wacana Salatiga, “Analisa Brute Force Attack menggunakan Scanning Aplikasi pada HTTP Attack Artikel Ilmiah Program Studi Teknik Informatika Fakultas Teknologi Informasi,” no. 672010194, 2016.
[19] S. Andriyani, M. F. Sidiq, and B. P. Zen, “Analisis Celah Keamanan Pada Website Dengan Menggunakan Metode Penetration Testing Dan Framework Issaf Pada Website SMK Al-Kautsar,” Journal Informatic and Information Technology, vol. 8798, pp. 1–13, 2023.
[20] Firda Nurelia Syah Putri, Y. B. Utomo, and H. Kurniadi, “Analisa Celah Keamanan Pada Website Pemerintah Kabupaten Kediri Menggunakan Metode Penetration Testing Melalui Kali Linux,” Prosiding SEMNAS INOTEK (Seminar Nasional Inovasi Teknologi), vol. 7, no. 1, pp. 52–59, 2023.
[21] A. M. Akmal, N. Heryana, and Arip Solehudin, “Analisis Keamanan Website Universitas Singaperbangsa Karawang Menggunakan Metode Vulnerability Assessment,” Jurnal Pendidikan dan Konseling, vol. 4, no. 4, pp. 6298–6309, 2022.
[22] S. Eko Prasetyo and N. Hassanah, “Analisis Keamanan Website Universitas Internasional Batam Menggunakan Metode Issaf,” Jurnal Ilmiah Informatika, vol. 9, no. 02, pp. 82–86, 2021, doi: 10.33884/jif.v9i02.3758.
[2] S. Alazmi and D. C. De Leon, “A Systematic Literature Review on the Characteristics and Effectiveness of Web Application Vulnerability Scanners,” IEEE Access, vol. 10, pp. 33200–33219, 2022, doi: 10.1109/ACCESS.2022.3161522.
[3] M. Aurangzeb et al., “Enhancing cybersecurity in smart grids: Deep black box adversarial attacks and quantum voting ensemble models for blockchain privacy-preserving storage,” Energy Reports, vol. 11, no. August 2023, pp. 2493–2515, 2024, doi: 10.1016/j.egyr.2024.02.010.
[4] M. H. Romadhon and Y. Yudhistira, “Sistem Informasi Rental Mobil Berbsasis Android Dan Website Menggunakan Framework Codeigniter 3 Studi Kasus : CV Kopja Mandiri,” vol. 2, no. 1, pp. 30–36, 2021.
[5] A. Kusumaningrum, H. Wijayanto, and B. D. Raharja, “Pengukuran Tingkat Kesadaran Keamanan Siber di Kalangan Mahasiswa saat Study From Home dengan Multiple Criteria Decision Analysis ( MCDA ),” no. 1, pp. 69–78, 2022.
[6] L. Kestina and G. W. Nurcahyo, “Penanganan Celah Keamanan Website dengan Ethical Hacking dan Issaf Menggunakan Acunetix Vulnerability ( Studi Kasus di Bkpsdmd Kabupaten Kerinci ),” vol. 3, pp. 9192–9203, 2023.
[7] A. Bastian, H. Sujadi, and L. Abror, “ANALISIS KEAMANAN APLIKASI DATA POKOK PENDIDIKAN ( DAPODIK ) MENGGUNAKAN PENETRATION TESTING DAN SQL INJECTION,” pp. 65–70, 2017.
[8] Andria, “Analisis Celah Keamanan Website Menggunakan Tools WEBPWN3R di Kali Linux,” Generation Journal, vol. 4, no. 2, pp. 69–76, 2020.
[9] Fikriyadi, Ritzkal, and B. A. Prakosa, “Security Analysis of Wireless Local Area Network (WLAN) Network with the Penetration Testing Method,” Jurnal Mantik, vol. 4, no. 3, pp. 1658–1662, 2020.
[10] S. Hidayatulloh and D. Saptadiaji, “Penetration Testing pada Website Universitas ARS Menggunakan Open Web Application Security Project (OWASP),” Jurnal Algoritma, vol. 18, no. 1, pp. 77–86, 2021, doi: 10.33364/algoritma/v.18-1.827.
[11] Y. A. Pohan, Yuhandri Yunus, and Sumijan, “Meningkatkan Keamanan Webserver Aplikasi Pelaporan Pajak Daerah Menggunakan Metode Penetration Testing Execution Standar,” Jurnal Sistim Informasi dan Teknologi, vol. 3, pp. 1–6, 2021, doi: 10.37034/jsisfotek.v3i1.36.
[12] H. Alfidzar and B. Parga Zen, “Implementasi HoneyPy Dengan Malicious Traffic Detection System (Maltrail) Guna Mendeteksi Serangan DOS Pada Server,” Journal of Informatics, Information System, Software Engineering and Applications, vol. 4, no. 2, pp. 32–045, 2022.
[13] F. Setyawan, Rasyidah, and H. Amnur, “Keamanan Jaringan Wireless Dengan Kali Linux,” JITSI : Jurnal Ilmiah Teknologi Sistem Informasi, vol. 3, no. 1, pp. 16–22, 2022, doi: 10.30630/jitsi.3.1.57.
[14] A. Wahid, I. Juliady, S. G. Zain, and J. M. Parenreng, “Secure Wireless Sensor Network using Cryptography for Smart Farming Systems,” Internet of Things and Artificial Intelligence Journal, vol. 2, no. 4, pp. 248–262, 2022, doi: 10.31763/iota.v2i4.554.
[15] R. Hermawan, “Teknik Uji Penetrasi Web Server Menggunakan SQL Injection dengan SQLmap di Kalilinux,” STRING (Satuan Tulisan Riset dan Inovasi Teknologi), vol. 6, no. 2, p. 210, 2021, doi: 10.30998/string.v6i2.11477.
[16] L. A. Nugraha, I. A. Kautsar, and A. S. Fitrani, “SQL Injection: Analisis Efektivitas Uji Penetrasi dalam Aplikasi Web,” Smatika Jurnal, vol. 14, no. 01, pp. 111–123, 2024, doi: 10.32664/smatika.v14i01.1224.
[17] M. Zidane, “Klasifikasi Serangan Distributed Denial-of-Service ( DDoS ) menggunakan Metode Data Mining Naïve Bayes,” vol. 6, no. 1, pp. 172–180, 2022.
[18] U. Kristen Satya Wacana Salatiga, “Analisa Brute Force Attack menggunakan Scanning Aplikasi pada HTTP Attack Artikel Ilmiah Program Studi Teknik Informatika Fakultas Teknologi Informasi,” no. 672010194, 2016.
[19] S. Andriyani, M. F. Sidiq, and B. P. Zen, “Analisis Celah Keamanan Pada Website Dengan Menggunakan Metode Penetration Testing Dan Framework Issaf Pada Website SMK Al-Kautsar,” Journal Informatic and Information Technology, vol. 8798, pp. 1–13, 2023.
[20] Firda Nurelia Syah Putri, Y. B. Utomo, and H. Kurniadi, “Analisa Celah Keamanan Pada Website Pemerintah Kabupaten Kediri Menggunakan Metode Penetration Testing Melalui Kali Linux,” Prosiding SEMNAS INOTEK (Seminar Nasional Inovasi Teknologi), vol. 7, no. 1, pp. 52–59, 2023.
[21] A. M. Akmal, N. Heryana, and Arip Solehudin, “Analisis Keamanan Website Universitas Singaperbangsa Karawang Menggunakan Metode Vulnerability Assessment,” Jurnal Pendidikan dan Konseling, vol. 4, no. 4, pp. 6298–6309, 2022.
[22] S. Eko Prasetyo and N. Hassanah, “Analisis Keamanan Website Universitas Internasional Batam Menggunakan Metode Issaf,” Jurnal Ilmiah Informatika, vol. 9, no. 02, pp. 82–86, 2021, doi: 10.33884/jif.v9i02.3758.