DOI: 10.1145/3592307.3592329
research-article

Security Vulnerability Analysis using Penetration Testing Execution Standard (PTES): Case Study of Government's Website

Published: 14 August 2023

Abstract

The rapid development of technology has impacted various aspects of life, including the way individuals, organizations, and governments deliver accurate, effective, and efficient information. XYZ local government, which is responsible for serving the community in the trade field, manages its information through the Communication and Information Agency (Diskominfo) of the XYZ region. Diskominfo employs technological advancements to provide the people of the XYZ region with direct access to accurate, precise, and reliable data through their website. However, securing the website has become crucial to preventing attacks by malicious individuals, which can damage the system and harm the website owner. To analyze the website's security loopholes and vulnerabilities, the author simulated the actions of an attacker. The analysis aimed to evaluate the level of risk and confidence in the website. The results showed 42 alerts categorized into four risk levels: 9 vulnerabilities with a high-risk level, 13 vulnerabilities with a medium-risk level, 11 vulnerabilities with a low-risk level, and 9 vulnerabilities with an informational-risk level.



Published In

ACM Other conferences
ICECC '23: Proceedings of the 2023 6th International Conference on Electronics, Communications and Control Engineering
March 2023
316 pages
ISBN: 9798400700002
DOI: 10.1145/3592307

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

1. PTES
2. Report
3. Standard
4. Vulnerability Analysis
5. Website

Qualifiers

• Research-article
• Research
• Refereed limited

Conference

ICECC 2023
