Academic Journal
Implementasi Penetration Testing Execution Standard Untuk Uji Penetrasi Pada Layanan Single Sign-On
| العنوان: | Implementasi Penetration Testing Execution Standard Untuk Uji Penetrasi Pada Layanan Single Sign-On |
|---|---|
| المؤلفون: | Septia Ulfa Sunaringtyas, Djodi Surya Prayoga |
| المصدر: | Edu Komputika Journal, Vol 8, Iss 1, Pp 48-56 (2021) |
| بيانات النشر: | Universitas Negeri Semarang, 2021. |
| سنة النشر: | 2021 |
| المجموعة: | LCC:Special aspects of education LCC:Information technology |
| مصطلحات موضوعية: | ptes, penetration testing, vulnerability, risk, single sign on, information security, cyber attack, Special aspects of education, LC8-6691, Information technology, T58.5-58.64 |
| الوصف: | Increasing the use of single sign-on technology by electronic-based service providers in addition to providing benefits also creates vulnerability. Penetration testing needed to identify vulnerabilities and test system security by exploiting those vulnerabilities. This research implements the Penetration Testing Execution Standard (PTES) for penetration testing of single singn-on services. Seven stages of the penetration test had done and 12 vulnerabilities were identified, consisting of 3 medium vulnerabilities, 6 low vulnerabilities and 3 information vulnerabilities. Six cyberattacks have been carried out to exploit the vulnerability with the result of 3 successful attacks and 3 failed attacks. Based on the results of the vulnerability and exploitation analysis, recommendations are given consist of regular updating and patching efforts, configuration of the CSP header and content-type-option header on the web server and application server, validation of the host header configuration, x-content-type-options header and deactivation. x-forwarded- hosted on every web page, configure 'secure' flag on cookies, add metacharacter filter feature in source code, and limit login attempts. The results of the PTES’s implementation are proven to make it easier for testers to carry out penetration tests and effectively prevent disputes between testers and clients due to differences in the scope of testing. |
| نوع الوثيقة: | article |
| وصف الملف: | electronic resource |
| اللغة: | English Indonesian |
| تدمد: | 2252-6811 2599-297X |
| Relation: | https://journal.unnes.ac.id/sju/index.php/edukom/article/view/47179; https://doaj.org/toc/2252-6811; https://doaj.org/toc/2599-297X |
| DOI: | 10.15294/edukomputika.v8i1.47179 |
| URL الوصول: | https://doaj.org/article/2dbb436c6d804efb8e841b3ad3c602ba |
| رقم الانضمام: | edsdoj.2dbb436c6d804efb8e841b3ad3c602ba |
| قاعدة البيانات: | Directory of Open Access Journals |
| تدمد: | 22526811 2599297X |
|---|---|
| DOI: | 10.15294/edukomputika.v8i1.47179 |