PENETRATION TESTING OF THE PQR UNIVERSITY SERVER USING THE NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST SP 800-115) METHOD

Bibliographic Details
Main Author: Syifa Sabrina Anelia (Author)
Format: Book
Published: 2021-07-12.
Description
Summary: Security threats in the form of cyber attacks have occurred at several universities, schools, and even hospitals. Important data stored on an organization's servers can be hacked and accessed by unauthorized persons. One way to avoid hacking is to close any security holes that the system might have. Before a security hole can be closed, it must first be identified by testing the system the way hackers would, but under an approved procedure. In this study, penetration testing was carried out to test for vulnerabilities and find weaknesses on the PQR University server that stores student personal data. The penetration test uses the National Institute of Standards and Technology (NIST SP 800-115) method, which consists of 4 testing phases: the planning phase, discovery phase, attack phase, and reporting phase. The study found 13 vulnerabilities that can be exploited: 2 in the critical category, namely Default Credentials and PHP Unsupported Version Detection; 3 in the high category, namely SSL Version 2 and 3 Protocol Detection, PHP < 7.3.24 Multiple Vulnerabilities, and SSL Medium Strength Cipher Suites Supported (SWEET32); 8 in the medium category, namely SSL Certificate Cannot Be Trusted, SSL Self-Signed Certificate, TLS Version 1.0 Protocol Detection, PHPinfo() Information Disclosure, Unencrypted Password Form, HTTP TRACE / TRACK Methods Allowed, SSL Certificate Expiry, and SSL RC4 Cipher Suites Supported (Bar Mitzvah); and 1 vulnerability that is a false positive, namely PHP < 7.1.33 / 7.2.x < 7.2.24 / 7.3.x < 7.3.11 Remote Code Execution Vulnerability.
Item Description: http://repository.upnvj.ac.id/11236/34/ABSTRAK.pdf
http://repository.upnvj.ac.id/11236/35/AWAL.pdf
http://repository.upnvj.ac.id/11236/26/BAB%201.pdf
http://repository.upnvj.ac.id/11236/27/BAB%202.pdf
http://repository.upnvj.ac.id/11236/28/BAB%203.pdf
http://repository.upnvj.ac.id/11236/29/BAB%204.pdf
http://repository.upnvj.ac.id/11236/30/BAB%205.pdf
http://repository.upnvj.ac.id/11236/31/DAFTAR%20PUSTAKA.pdf
http://repository.upnvj.ac.id/11236/33/RIWAYAT%20HIDUP.pdf
http://repository.upnvj.ac.id/11236/32/LAMPIRAN.pdf
http://repository.upnvj.ac.id/11236/12/ARTIKEL%20KI.pdf