COMPARISON OF THE VULNERABILITY AND EXPLOITABILITY OF THREE DIGITAL PLATFORMS BASED ON PENETRATION TESTING RESULTS

SASONGKO, DZUMARATIN DAMAR (2025) KOMPARASI KERENTANAN DAN EKSPLOITABILITAS TIGA PLATFORM DIGITAL BERDASARKAN HASIL PENETRATION TESTING. S1 thesis, Universitas Mercu Buana Jakarta - Menteng.


Abstract

This study examines vulnerabilities and exploitability levels across three major digital platforms, namely web applications, Android applications, and servers, using a cross-platform analysis approach based on penetration testing results. The dataset comprises 154 validated findings collected from 10 organizations in the banking, e-commerce, manufacturing, and financial services sectors in Indonesia between January and June 2024. The analysis applies the NIST SP 800-115 methodology, classifies weaknesses according to the Common Weakness Enumeration (CWE), maps risks to the OWASP Top 10 and Mobile Top 10, and evaluates severity using the Common Vulnerability Scoring System (CVSS) version 3.1. The results show that the quantitative distribution of vulnerabilities is relatively balanced (Web: 33.8%; Mobile: 32.5%; Server: 33.8%), but qualitatively distinct. Web applications are most exposed to access control flaws and outdated components, mobile applications to insecure data storage and weak input validation, while servers face systemic risks stemming from poor configurations, hardcoded credentials, and unmaintained third-party components. Although most vulnerabilities fall into the Medium and Low categories (74%), more than half were proven to be highly exploitable with publicly available tools. These findings highlight the need for security evaluations to consider not only severity levels but also real-world exploitability, thereby supporting the development of adaptive and contextual mitigation strategies across the entire digital system lifecycle.

Item Type: Thesis (S1)
NIM/NIDN Creators: 41520110110
Uncontrolled Keywords: Cybersecurity, Penetration Testing, Web Application, Mobile Application, Server, CWE.
Subjects: 000 Computer Science, Information and General Works > 000. Computer Science, Information and General Works > 004 Data Processing, Computer Science, Informatics Engineering
Divisions: Faculty of Computer Science > Informatics
Depositing User: Maulana Arif Hidayat
Date Deposited: 12 Sep 2025 01:32
Last Modified: 12 Sep 2025 01:32
URI: http://repository.mercubuana.ac.id/id/eprint/97711
