Penetration Testing on Mail Server Website using the OWASP Method

Authors

  • Hendra Saputra, Muhammadiyah University of East Kalimantan, Samarinda, Indonesia
  • Ali Zainal Abidin, Muhammadiyah University of East Kalimantan, Samarinda, Indonesia
  • Faldi Faldi, Muhammadiyah University of East Kalimantan, Samarinda, Indonesia
  • Muhammad Taufiq Sumadi, Muhammadiyah University of East Kalimantan, Samarinda, Indonesia

DOI:

https://doi.org/10.35335/mandiri.v12i2.232

Keywords:

System Security, Penetration Testing, Self-testing, OWASP ZAP, Acunetix

Abstract

Technological advancements have positively impacted various fields, including the Internet. Awareness of system security has become a crucial concern for application developers. Protecting networks from disruptions or hacker attacks can be achieved through self-testing methods, such as Penetration Testing (Pentest). This research conducts a penetration test on the mail server domain mail.umtk.sch.id using the tools OWASP ZAP and Acunetix. The testing detected 9 vulnerabilities, which fall into five of the OWASP Top 10 2017 vulnerability categories: Broken Authentication, Sensitive Data Exposure, Broken Access Control, Security Misconfiguration, and Using Components with Known Vulnerabilities.

Published

2023-08-24

How to Cite

Saputra, H., Abidin, A. Z., Faldi, F., & Sumadi, M. T. (2023). Penetration Testing on Mail Server Website using the OWASP Method. Jurnal Mandiri IT, 12(2), 58–65. https://doi.org/10.35335/mandiri.v12i2.232