Analysis of Local Government Website Vulnerabilities Using the PTES Framework
DOI: https://doi.org/10.59934/jaiea.v5i1.1454
Keywords: Cyber Security, Government Websites, PTES, phpMyAdmin, Web Vulnerabilities
Abstract
This study aims to analyze and validate security vulnerabilities on the official website of a local government agency, which is a crucial public service portal. The study adopts an adapted Penetration Testing Execution Standard (PTES) methodology, focusing on non-invasive techniques to ensure ethical and responsible assessment of active government systems. Key stages include information gathering, vulnerability scanning using tools such as Nessus, and manual validation using Metasploit and SQLMap. Post-validation analysis confirmed several significant vulnerabilities, the most critical being the public exposure of development configuration files and the presence of an outdated version of phpMyAdmin. The study also identified systemic issues such as weak cipher suite support (SWEET32) and configurations that enable DNS amplification attacks. The manual validation process also uncovered false positives from the automated scanner, highlighting the importance of verification by experts. The website exhibits significant security weaknesses due to inadequate patch management and insecure configurations. These findings underscore the urgent need for government agencies to adopt proactive security audits and structured remediation cycles to protect public data and maintain trust in digital services.
License
Copyright (c) 2025 Journal of Artificial Intelligence and Engineering Applications (JAIEA)

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.







