Carrying Out Website Security Analysis Using the Standard Penetration Testing Method

Authors

  • Dhea Permata Sari (Gajayana University)
  • Fachrudin Pakaja

Keywords:

Website Security, PTES, Penetration Testing, SPPT Online, Mojokerto.

Abstract

The high level of cybersecurity threats such as SQL injection attacks, cross-site scripting (XSS), and data breaches makes website security testing a critical need. This study aims to analyze website security vulnerabilities using the Penetration Testing Execution Standard (PTES) as a comprehensive penetration testing standard. The study uses an exploratory qualitative approach with five PTES stages: (1) pre-engagement, (2) intelligence gathering, (3) vulnerability analysis, (4) exploitation, (5) post-exploitation and maintaining access. The results revealed that the scanned SPPT Online website of Mojokerto City provided access to several open protocols created as communication channels. PTES effectively uncovered multidimensional vulnerabilities through its structured approach. The results of the study can serve as a guide to improving website security posture, especially in the financial management sector. This study highlights the urgency of periodic security audits based on standards such as PTES to mitigate cyber risks.

Published

2026-01-24

How to Cite

Carrying Out Website Security Analysis Using the Standard Penetration Testing Method. (2026). International Journal of Multidisciplinary Applied and Science Research, 1(01), 22-28. https://oneamd.com/JOL/index.php/IJOMAS/article/view/30