ANALISIS RISIKO KEAMANAN WEBSITE SIMULASI BERBASIS DVWA MENGGUNAKAN PENETRATION TESTING DAN EVALUASI CVSS V4.0 (STUDI KASUS INSTANSI DAERAH XYZ)

ROZAK, YUSUF ABDUL (2025) ANALISIS RISIKO KEAMANAN WEBSITE SIMULASI BERBASIS DVWA MENGGUNAKAN PENETRATION TESTING DAN EVALUASI CVSS V4.0 (STUDI KASUS INSTANSI DAERAH XYZ). S1 thesis, Universitas Mercu Buana Jakarta.

[img]
Preview
Text (HAL COVER)
01 COVER.pdf

Download (545kB) | Preview
[img] Text (BAB I)
02 BAB 1.pdf
Restricted to Registered users only

Download (81kB)
[img] Text (BAB II)
03 BAB 2.pdf
Restricted to Registered users only

Download (175kB)
[img] Text (BAB III)
04 BAB 3.pdf
Restricted to Registered users only

Download (160kB)
[img] Text (BAB IV)
05 BAB 4.pdf
Restricted to Registered users only

Download (378kB)
[img] Text (BAB V)
06 BAB 5.pdf
Restricted to Registered users only

Download (30kB)
[img] Text (DAFTAR PUSTAKA)
07 DAFTAR PUSTAKA.pdf
Restricted to Registered users only

Download (95kB)
[img] Text (LAMPIRAN)
08 LAMPIRAN.pdf
Restricted to Registered users only

Download (663kB)

Abstract

The implementation of digitization of an agency, especially local government, has brought the development of web applications as the main platform for public services. However, the increase has not been fully optimal in strengthening the security system. Based on the BSNN Institute report in 2024, it was noted that the government sector is vulnerable to cyber attacks through security holes in web applications. This research aims to analyze the security risks in the Damn Vulnerable Web App (DVWA) based simulation website. This research uses penetration testing method with Black-Box approach, to identify and exploit weaknesses such as SQL Injection, Cross Site Scripting, Command Injection and File Upload. Each exploit result is evaluated and fixed by modifying the source code. The risk level evaluation uses the CVSS version 4.0 standard. The results show that the vulnerabilities can be exploited, with CVSS scores ranging from 6.1 (moderate level) to 9.1 (critical level). All exploitation and evaluation processes will be neatly documented to provide a concrete picture of potential threats and workable technical solutions. This research contributes through a complete case study, covering exploitation, technical countermeasures, and simulation-based risk evaluation of local information systems. Kata kunci: Web Security, Penetration Testing, DVWA, CVSS v4.0, SQL Injection, XSS, Command Injection, File Upload Penerapan digitalisasi suatu instansi khususnya pemerintahan daerah telah membawa perkembangan aplikasi web sebagai platform utama dalam pelayanan publik. namun, peningkatan belum sepenuhnya optimal dalam penguatan system keamanan. Berdasarkan laporan Lembaga BSNN tahun 2024 mencatat bahwa sektor pemerintahan rentan dengan serangan siber melalui celah keamanan dalam aplikasi web. Penelitian ini bertujuan untuk analisis risiko keamanan dalam website simulasi berbasis Damn Vulnerable Web App (DVWA). Penelitian ini menggunakan metode penetration testing dengan pendekatan BlackBox, untuk mengidentifikasi dan mengeksploitasi kelemahan seperti SQL Injection, Cross Site Scripting, Command Injection dan File Upload. Setiap hasil eksploitasi dievaluasi dan diperbaiki dengan cara modifikasi pada kode sumber. Evaluasi tingkat risikonya menggunakan standar CVSS versi 4.0. Hasil penelitian menunjukkan bahwa kerentanan bisa dimanfaatkan, dengan skor CVSS mulai dari 6.1 (tingkat sedang) hingga 9.1 (tingkat kritis). Semua proses eksploitasi dan evaluasi akan didokumentasikan dengan rapi untuk memberikan gambaran konkret tentang potensi ancaman dan solusi teknis yang bisa diterapkan. Penelitian ini memberikan kontribusi melalui studi kasus yang lengkap, mencakup eksploitasi, penanganan teknis, dan evaluasi risiko berdasarkan simulasi terhadap sistem informasi daerah. Kata kunci: Keamanan Web, Penetration Testing, DVWA, CVSS v4.0, SQL Injection, XSS, Command Injection, File Upload

Item Type: Thesis (S1)
Call Number CD: FIK/INFO. 25 176
NIM/NIDN Creators: 41520010161
Uncontrolled Keywords: Keamanan Web, Penetration Testing, DVWA, CVSS v4.0, SQL Injection, XSS, Command Injection, File Upload
Subjects: 000 Computer Science, Information and General Works/Ilmu Komputer, Informasi, dan Karya Umum > 000. Computer Science, Information and General Works/Ilmu Komputer, Informasi, dan Karya Umum > 004 Data Processing, Computer Science/Pemrosesan Data, Ilmu Komputer, Teknik Informatika
000 Computer Science, Information and General Works/Ilmu Komputer, Informasi, dan Karya Umum > 000. Computer Science, Information and General Works/Ilmu Komputer, Informasi, dan Karya Umum > 004 Data Processing, Computer Science/Pemrosesan Data, Ilmu Komputer, Teknik Informatika > 004.6 Interfacing and Communications/Tampilan Antar Muka (Interface) dan Jaringan Komunikasi Komputer > 004.68 Local Area Network (LAN)/Local Area Network
000 Computer Science, Information and General Works/Ilmu Komputer, Informasi, dan Karya Umum > 000. Computer Science, Information and General Works/Ilmu Komputer, Informasi, dan Karya Umum > 006 Special Computer Methods/Metode Komputer Tertentu > 006.7 Multimedia Systems/Sistem-sistem Multimedia > 006.75 Social Multimedia/Multimedia Social > 006.752 Blogs/Blog, Web Blog
Divisions: Fakultas Ilmu Komputer > Informatika
Depositing User: khalimah
Date Deposited: 19 Sep 2025 08:30
Last Modified: 19 Sep 2025 08:30
URI: http://repository.mercubuana.ac.id/id/eprint/98158

Actions (login required)

View Item View Item