Security Vulnerability Analysis using Penetration Testing Execution Standard (PTES): Case Study of Government's Website

Security Vulnerability Analysis using Penetration Testing Execution Standard (PTES): Case Study of Government's Website

연구 분야: Strategies

학회: ICECC '23: Proceedings of the 2023 6th International Conference on Electronics, Communications and Control Engineering

The rapid development of technology has impacted various aspects of life, including the way individuals, organizations, and governments deliver accurate, effective, and efficient information. XYZ local government, which is responsible for serving the community in the trade field, manages its information through the Communication and Information Agency (Diskominfo) of the XYZ region. Diskominfo employs technological advancements to provide the people of the XYZ region with direct access to accurate, precise, and reliable data through their website. However, the security of the website has become a crucial aspect to prevent attacks from malicious individuals that can cause damage to the system and harm the website owner. To analyze the website's security loopholes and vulnerabilities, the author performed a simulation of an attacker. The analysis aimed to evaluate the level of risk and confidence in the website. The results showed 42 alerts categorized into four risk levels: 9 vulnerabilities with a high-risk level, 13 vulnerabilities with a medium-risk level, 11 vulnerabilities with a low-risk level, and 9 vulnerabilities with an informational-risk level.