Hasil Pencarian  ::  Simpan CSV :: Kembali

Abstrak :
Kemajuan internet kian membuat segala hal serba mudah dan cepat, contohnya yaitu banyaknya kemunculan berbagai jenis website saat ini, baik e-commerce, blog, instansi atau organisasi, dan sebagainya. Salah satu contohnya yaitu adanya website donasi online seperti bukadonasi.com yang menjadi wadah beramal bagi masyarakat. Masyarakat yang ingin membuka donasi perlu registrasi dengan menyertakan data pribadi. Apabila web server dari website donasi online tidak memiliki keamanan yang baik, maka resiko dari pihak yang tidak bertanggung jawab untuk memberi ancaman lewat celah keamanan website tersebut menjadi besar. Data pribadi yang disimpan bukadonasi.com juga memiliki potensi untuk disusupi atau dicuri. Tujuan dari penelitian ini yaitu untuk melakukan antisipasi keamanan dari kerentanan dan ancaman yang ada pada website bukadonasi.com dengan melakukan uji penetrasi menggunakan kerangka Information System Security Assessment Framework (ISSAF). ISSAF memiliki beberapa keunggulan dibandingkan kontrol keamanan lainnya karena ISSAF melakukan pengujian dengan masuk ke dalam sistem target juga. Dari hasil pengujian penetrasi tersebut akan didapatkan rekomendasi kemanan sistem informasi website bukadonasi.com. ......The development of the internet is growing rapidly then making everything easy and fast, for example, the emergence of various types of websites today, whether e-commerce, blogs, agencies or organizations, and so on. One example is the existence of online donation websites such as Bukadonasi.com, which is a place of charity for people. People who want to open donations need to register by including personal data. If the web server of the online donation website does not have good security, then the risk from an irresponsible people to pose a threat through the website's security gap becomes large. Personal data stored by Bukadonasi.com also has the potential to be compromised or stolen. The purpose of this research is to anticipate security from vulnerabilities and threats that exist on the Bukadonasi.com website by conducting a penetration test using the Information System Security Assessment Framework (ISSAF). ISSAF has several advantages over other security controls because ISSAF also performs testing by logging into the target system as well. From the results of the penetration test, recommendations for the security of the information system of the Bukadonasi.com website will be obtained.

Abstrak :
Penetration testing is often considered an art as much as it is a science, but even an artist needs the right brushes to do the job well. Many commercial and open source tools exist for performing penetration testing, but it's often hard to ensure that you know what tools are available and which ones to use for a certain task. Through the next ten chapters, we'll be exploring the plethora of open source tools that are available to you as a penetration tester, how to use them, and in which situations they apply. Open source tools are pieces of software which are available with the source code so that the software can be modified and improved by other interested contributors. In most cases, this software comes with a license allowing for distribution of the modified software version with the requirement that the source code continue to be included with the distribution. In many cases, open source software becomes a community effort where dozens if not hundreds of people are actively contributing code and improvements to the software project. This type of project tends to result in a stronger and more valuable piece of software than what would often be developed by a single individual or small company. While commercial tools certainly exist in the penetration testing space, they're often expensive and, in some cases, too automated to be useful for all penetration testing scenarios. There are many common situations where the open source tools that we will be talking about fill a need better and (obviously) more cost effectively than any commercial tool. The tools that we will be discussing throughout this book are all open source and available for you to use in your work as a penetration tester.

Abstrak :
Machine generated contents note: Chapter 0: Introduction Chapter 1: Introduction to Command Shell Scripting Chapter 2: Introduction to Python Chapter 3: Introduction to Perl Chapter 4: Introduction to Ruby Chapter 5: Introduction to Web Scripting with PHP Chapter 6: Manipulating Windows with PowerShell Chapter 7: Scanner Scripting Chapter 8: Information Gathering Chapter 9: Exploitation Scripting Chapter 10: Post-Exploitation Scripting Appendix: Subnetting and CIDR Addresses

Abstrak :
Penggunaan internet terus meningkat dengan penggunaan untuk kepentingan yang makin beragam pula, termasuk dalam sebuah bisnis. Hal ini menyebabkan makin banyaknya pula data yang tersimpan dan terekspos di internet. Banyaknya data tersebut tidak diiringi dengan kesadaran terhadap seberapa penting kerahasiaan dan keamanannya. Ini menimbulkan potensi kejahatan yang biasa dikenal dengan cybercrime. Korban dari kejahatan siber dapat mengalami kerugian, mencakup rusaknya reputasi perusahaan atau organisasi hingga kerugian finansial. Untuk itu, penelitian ini bertujuan untuk mengidentifikasi kerentanan yang dimiliki oleh sebuah web application yang menjadi sistem pelacakan dan pemantauan aset. Penelitian ini dilakukan dengan pendekatan uji penetrasi menggunakan kerangka kerja dari OWASP (Open Worldwide Application Security Project). Framework ini berfokus pada keamanan dari web application sehingga sesuai dengan target pengujian dari penelitian ini. Penelitian ini mencakup information gathering dan 3 (tiga) metode pengujian mengacu pada OWASP WSTG, yaitu authentication testing, authorization testing, dan input validation testing dengan total 8 (delapan) metode pengujian yang dipilih. Dari hasil uji penetrasi yang dilakukan, ditemukan 4 kerentanan yang berhasil dieksploitasi. Keempat kerentanan tersebut kemudian dianalisis menggunakan OWASP Risk Rating Methodology dengan hasil akhir poin likelihood 6,5 (HIGH) dan impact 3,21 (MEDIUM). Hasil ini menunjukkan overall risk severity dari web application target yang diuji memiliki tingkat kerentanan tinggi. ......The increasing use of the internet for a wide range of purposes, including business, has led to a significant growth in the amount of data stored and exposed online. However, this increase in data is not matched by an awareness of the importance of its confidentiality and security. This situation creates the potential for cybercrime, which can cause substantial harm, including damage to the reputation of a company or organization and financial losses. Therefore, this research aims to identify vulnerabilities in a web application used as an asset tracking and monitoring system. The study employs a penetration testing approach using the OWASP (Open Worldwide Application Security Project) framework. This framework focuses on web application security, making it suitable for the research's testing targets. The study involves information gathering and three testing methods from the OWASP WSTG: authentication testing, authorization testing, and input validation testing, using a total of eight selected testing methods. The penetration testing results revealed four exploitable vulnerabilities. These vulnerabilities were analyzed using the OWASP Risk Rating Methodology, resulting in a final likelihood score of 6.5 (HIGH) and an impact score of 3.21 (MEDIUM). These results indicate that the overall risk severity of the tested web application has a high level of vulnerability.

Abstrak :
Ancaman keamanan terhadap website biasa dihasilkan melalui celah yang memungkinkan pengguna lain melakukan tindak kejahatan. Untuk pemeliharaan keamanan website yang baik, deteksi kerentanan website dapat dilakukan dengan prosedur vulnerability identification dan penetration testing. Penetration Testing Execution Standard (PTES) digunakan pada penelitian ini sebagai kerangka kerja atau framework penetration testing dengan tujuan untuk mendapatkan hasil akhir berupa kerentanan yang dapat mengganggu keamanan website. Terdapat tujuh tahapan yang akan dilakukan pada framework PTES yaitu Pre-engagement Interactions, Intelligence Gathering, Threat Modeling, Vulnerability Analysis, Exploitation, Post Exploitation, dan Reporting. Penetration testing ini juga menerapkan metode blackbox testing. Blackbox testing adalah metode pengujian yang dilakukan tanpa mengetahui informasi apa pun mengenai sistem website. Ditemukan tiga kerentanan dengan tingkat risiko tinggi pada website redstorm setelah melakukan penetration testing dengan framework PTES dan metode blackbox testing, yaitu PII Disclosure, SQL Injection, dan SQL Injection-SQLite. Hasil ini menekankan perlunya penguatan keamanan website dan penerapan langkah-langkah mitigasi yang sesuai untuk melindungi data sensitif dan melawan potensi serangan. Selain itu, penelitian ini menegaskan efektivitas dan relevansi kerangka kerja PTES dalam mengidentifikasi kerentanan keamanan sistem. Implikasi dari temuan ini memberikan kontribusi bagi pengembangan kebijakan keamanan informasi dan penelitian tentang keamanan siber yang lebih lanjut. ...... Security threats to common websites are generated by gaps that allow other users to commit criminal acts. For good website security maintenance, website vulnerability detection can be done with vulnerability identification and penetration testing procedures. The Penetration Testing Execution Standard (PTES) is used in this research as a framework for penetration testing with the aim of obtaining the final result of vulnerabilities that can interfere with the operation of the website. There are seven stages that will be performed on the PTES framework: Pre-engagement Interactions, Intelligence Gathering, Threat Modeling, Vulnerability Analysis, Exploitation, Post-exploitation, and Reporting. The penetration test also uses the blackbox testing method. Blackbox testing is a test method that is performed without knowing any information about the website system. Three high-risk vulnerabilities were found on Redstorm websites after performing penetration testing with the PTES framework and blackbox testing methods, namely PII Disclosure, SQL Injection, and SQL injection-SQLite. The results emphasize the need to strengthen website security and implement appropriate mitigation measures to protect sensitive data and counter potential attacks. In addition, the study confirms the effectiveness and relevance of the PTES framework in identifying system security vulnerabilities. The implications of these findings contribute to the development of information security policies and further research on cybersecurity.

Abstrak :

Pertumbuhan penggunaan Windows 11 mendorong perlunya evaluasi terhadap sistem operasi ini. Meski merupakan pembaruan dari Windows 10, fokus utama tetap pada risiko keamanan karena meningkatnya serangan siber. Banyak serangan terjadi di tingkat endpoint, sehingga perlindungan pengguna dan data sangat penting. Penelitian ini mengevaluasi kerentanan keamanan dan potensi serangan pada Windows 11 Home dan Enterprise menggunakan metode Information System Security Assessment Framework (ISSAF). Hasilnya menunjukkan adanya kerentanan signifikan pada protokol SMB dan RDP, dengan Windows 11 Enterprise lebih rentan terhadap serangan tertentu seperti SMB Relay Attack. Risiko lain termasuk potensi instalasi backdoor. Rekomendasi mitigasi meliputi pengaktifan SMB Signing, kebijakan kata sandi kompleks, penonaktifan RDP jika tidak digunakan, dan pengaktifan antivirus. Penelitian ini memberikan wawasan berharga untuk meningkatkan keamanan Windows 11

---

The growth in Windows 11 usage necessitates an evaluation of this operating system. Despite being an update from Windows 10, the main focus remains on security risks due to the increasing complexity of cyber attacks. Many attacks occur at the endpoint level, making user and data protection crucial. This study evaluates security vulnerabilities and potential attacks on Windows 11 Home and Enterprise using the Information System Security Assessment Framework (ISSAF) method. The results show significant vulnerabilities in the SMB and RDP protocols, with Windows 11 Enterprise being more susceptible to certain attacks such as SMB Relay Attack. Other risks include potential backdoor installations. Recommended mitigations include enabling SMB Signing, implementing complex password policies, disabling RDP if not in use, and activating antivirus software. This research provides valuable insights for enhancing the security of Windows 11.

Abstrak :
Keamanan website adalah komponen penting untuk melindungi dan mengamankan situs web dan server. Situs Web dipindai untuk mengetahui kerentanan dan malware melalui perangkat lunak keamanan situs website. Kerentanan dalam teknologi informasi (IT), adalah cacat dalam kode atau desain yang menciptakan titik kompromi keamanan potensial untuk titik akhir atau jaringan. Kerentanan menciptakan kemungkinan vektor serangan, dimana penyusup dapat menjalankan kode atau mengakses memori sistem target. Tools OWASP-ZAP adalah fitur untuk melakukan penetration testing pada sebuah website. SCELE adalah salah satu platform yang disediakan Universitas Indonesia untuk mengakses info akademis. Dengan tool OWASP-ZAP pendeteksian kerentanan pada website SCELE dapat dilakukan serta analisa dari hasil kerentanan tersebut juga dapat disimpulkan agar dapat menjadi acuan untuk memperbaiki sistem SCELE yang telah ada. ......Website security is an important component to protect and secure websites and servers. The website is scanned to find out vulnerabilities and malware through website security software. Vulnerability in information technology (IT), is defect in code or design that creates a point of potential security compromise for endpoint or network. Vulnerability creates the possibility of an attack vector, where intruders can run code or access the target systems memory. The OWASP-ZAP tool is a feature for penetration testing of a website. Scele is one of the platform provided by University of Indonesia to access academic info. With OWASP-ZAP tool, vulnerability detection on the SCELE website can be done and and analysis of the result of these vulnerabilities can also be concluded to be reference to improve the existing SCELE system.

Abstrak :
Berkembang pesatnya teknologi informasi saat ini sejalan dengan berkembangnya aplikasi berbasis android dan website. Website umumnya digunakan sebagai media informasi dan komunikasi yang tentunya memiliki peran yang sangat penting. Namun, tidak menutup kemungkinan bahwa terdapat ancaman terkait dengan celah keamanan dari suatu website, baik kejahatan cyber, kebocoran data, pencurian data, dan merusak data maupun hanya ingin mengganggu system tersebut. Sebagai contoh pada website admin Digital Outlet yang merupakan pusat dari pengelolaan suatu website application. Dalam website admin tersebut telah tersimpan data dan informasi penting penggunanya yang bersifat sensitif. Maka, perlu adanya perhatian khusus terkait keamanan website tersebut. Pada penelitian ini akan dilakukan vulnerability assessment dan penetration testing pada situs website Digital Outlet menggunakan metode Information System Security Assessment Framework (ISSAF) dengan melakukan pengujian untuk mencari celah keamanan yang umum terjadi pada website tersebut, khususnya celah keamanan pada Broken Access Control, Cross Site Scripting (XSS), SQL Injection, dan sebagainya. Hasil dari penelitian analisis uji kerentanan yang diperoleh pada website Digital Outlet nantinya akan pergunakan untuk memperbaiki dan meningkatkan keamanan pada website tersebut serta menjadi salah satu referensi dalam memberikan rekomendasi terkait pengembangan framework Basic Development Framework (BDF) untuk management struktur rancang bangun suatu website yang baik dan aman.  ......The rapid development of information technology is currently in line with the development of Android-based applications and website. Website are generally used as a medium of information and communication which of course has a very important role. However, it is possible that there are threats related to the security gaps of a website, both cyber crime, data leaks, data theft, and damage to data or just wanting to disrupt the system. For example, on the Digital Outlet admin website, which is the center of managing a website application. The admin website has stored important sensitive data and information on its users. So, there needs to be special attention regarding the security of the website. In this research, vulnerability assessment dan penetration testing will be carried out on the Digital Outlet website using the Information System Security Assessment Framework (ISSAF) method by conducting tests to find security holes that commonly occur on the website, especially security holes in Broken Access Control, Cross Site Scripting (XSS), SQL Injection, and so on. The results of the vulnerability test analysis research obtained on the Digital Outlet website will later be used to improve and increase security on the website and become a reference in providing recommendations related to the development of the Basic Development Framework (BDF) framework for the management structure of a good website design and build safe.

Abstrak :
Dengan adanya perkembangan teknologi saat ini, banyak pihak memberikan layanan yang dapat dimanfaatkan untuk dapat mempermudah semua kegiatan. Salah satu media yang digunakan untuk berbagai tujuan yaitu website. Salah satu jenis website yaitu website e-learning. Website e learning akan akan menyimpan informasi sensitif seperti data penggunanya untuk dapat memberikan hak akses fasilitas terhadap website tersebut. Informasi sensitif inilah yang perlu diperhatikan dalam pengembangan suatu website agar terhindar dari serangan cyber. Salah satu serangan yang sering terjadi pada website yaitu sql injection, dimana serangan ini terjadi dalam bentuk pencurian atau bahkan memodifikasi informasi pribadi oleh pihak yang tidak berhubungan. Untuk mencegah terjadi serangan pada website maka perlu dilakukannya penetration testing. Penetration testing bertujuan untuk mencari kerentanan yang ada pada website agar dapat segera ditangani sebelum dimanfaatkan oleh pihak yang tidak bertanggung jawab. Terdapat beberapa tahapan yang dilakukan untuk mengidentifikasi kerentanan website yaitu reconnaissance, scanning, exploitation dan report. Pengujian dilakukan dengan menganalisis hasil yang didapatkan dari setiap tahapan penetration testing sehingga dapat diketahui kerentanan yang ada pada website. Dari kerentanan yang terdetaksi maka akan diketahui beberapa rekomendasi solusi untuk mengatasinya. Setiap tahapan penetration testing akan menggunakan beberapa tools pendukung. Selain itu juga dilakukan pengujian keamanan website dengan melakukan serangan sql injection dan xss attack. ......With the current technological developments, many parties provide services that can be used to facilitate all activities. One of the media used for various purposes is the website. One type of website is an e-learning website. An e-learning website will store sensitive information such as user data to be able to grant facility access rights to the website. This sensitive information needs to be considered in developing a website to avoid cyber attacks. One of the attacks that often occurs on websites is sql injection, where this attack occurs in the form of stealing or even modifying personal information by unrelated parties. To prevent attacks on the website, it is necessary to do penetration testing. Penetration testing aims to find vulnerabilities on the website so that they can be addressed immediately before being exploited by irresponsible parties. There are several steps taken to identify website vulnerabilities, namely reconnaissance, scanning, exploitation and reports. Testing is carried out by analyzing the results obtained from each stage of penetration testing so that the vulnerabilities that exist on the website can be identified. From the detected vulnerabilities, several recommendations for solutions to overcome them will be identified. Each stage of penetration testing will use several supporting tools. Besides that, website security testing is also carried out by carrying out sql injection attacks and xss attacks.

Abstrak :
Managing information security offers focused coverage of how to protect mission critical systems, and how to deploy security management systems, IT security, ID management, intrusion detection and prevention systems, computer forensics, network forensics, firewalls, penetration testing, vulnerability assessment, and more. It offers in-depth coverage of the current technology and practice as it relates to information security management solutions.