Implementation of Penetration testing on Websites to Improve Security of Information Assets UPN "Veteran" Yogyakarta

Abstract

Purpose: This study aims to implement penetration testing on the website https://fit.upnyk.ac.id owned by Telematics UPN "Veteran" Yogyakarta to determine whether there are vulnerabilities or security holes in the web server. Then make an analysis based on the results of penetration testing on the web server using penetration testing tools (penetration testing scanner) so that recommendations for improvements are obtained to close security holes that can be used as a way for hackers to enter the system, as well as provide risk mitigation recommendations.Design/methodology/approach: This study uses the penetration test method which consists of five stages, namely literature study, information gathering, identification of system vulnerabilities, penetration testing and analysis. Penetration tests were carried out using acunetix tools and analysis using the OWASP and ISAAF methods.Findings/result: Based on research conducted on the website https://fit.upnyk.ac.id/ using the OWASP method, several vulnerabilities were found, including one vulnerability with a high level (high), three with a medium level and six with a low level (low), so that it can be it can be concluded that in general the level of vulnerability of the website is at the medium levelOriginality/value/state of the art: Penetration testing on the website can be done by identifying system vulnerabilities, penetration testing and analysis. The OWASP method can be used to find vulnerabilities on a website