Vulnerability Analysis and Mitigation of Village Website Using Vulnerability Scanner Based on PTES Method
DOI: https://doi.org/10.59934/jaiea.v5i1.1231
Keywords: Acunetix, Nessus, Penetration Testing, PTES, Web Security
Abstract
Web application security is a top priority in the digital era, especially for public services such as village websites. This research aims to analyze and mitigate web application vulnerabilities using the Penetration Testing Execution Standard (PTES) method with the Acunetix and Nessus tools. The test was conducted on the website of Kediri Selatan Village, West Lombok Regency. To avoid risks to the production system, testing was performed against a replica of the website. The testing process follows the PTES stages: pre-engagement, intelligence gathering, vulnerability analysis, exploitation, and reporting. The scan results showed medium- and low-category vulnerabilities from Acunetix and two critical vulnerabilities from Nessus. Although automated tests did not detect SQL injection and XSS vulnerabilities, manual exploitation proved their existence. Mitigation was performed with input validation and script filters, and retesting showed that these measures eliminated the vulnerabilities. This research provides an applicable security implementation model that other village web services can adapt.
License
Copyright (c) 2025 Journal of Artificial Intelligence and Engineering Applications (JAIEA)

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.







