Aldino, Firman Nur (2025) Analisis Kerentanan Website Menggunakan Metode Penetration Testing (Studi Kasus : Website BPKAD Kabupaten Pelalawan). Other thesis, Universitas Islam Riau.

Text skripsi_183510588_watermark.pdf - Published Version Restricted to Registered users only Download (4MB) | Request a copy

Abstract

Information system security is a critical aspect in addressing increasingly complex cyber threats. The BPKAD Pelalawan Regency website, as a platform for regional financial information and services, stores sensitive data vulnerable to cyberattacks. This study aims to analyze vulnerabilities on the BPKAD website using the penetration testing method and OWASP ZAP tool. The research methodology includes planning, information gathering, vulnerability identification, exploitation, and reporting phases. The test results revealed 14 vulnerabilities classified into 2 high, 4 medium, 6 low, and 2 informational levels. Key findings include the absence of Anti-CSRF tokens, the use of vulnerable JavaScript libraries, incomplete security header configurations, and exposure of personally identifiable information. Recommended improvements include implementing a Content Security Policy, updating vulnerable libraries, and configuring security headers such as viii StrictTransport-Security. This research is expected to help BPKAD strengthen its cybersecurity posture and serve as a reference for other government agencies in securing their information systems.

Actions (login required)

View Item