ROZAK, YUSUF ABDUL (2025) SECURITY RISK ANALYSIS OF A DVWA-BASED SIMULATION WEBSITE USING PENETRATION TESTING AND CVSS V4.0 EVALUATION (CASE STUDY OF REGIONAL AGENCY XYZ). S1 thesis, Universitas Mercu Buana Jakarta.
Text (COVER PAGE): 01 COVER.pdf (545kB)
Text (CHAPTER I): 02 BAB 1.pdf (81kB), restricted to registered users only
Text (CHAPTER II): 03 BAB 2.pdf (175kB), restricted to registered users only
Text (CHAPTER III): 04 BAB 3.pdf (160kB), restricted to registered users only
Text (CHAPTER IV): 05 BAB 4.pdf (378kB), restricted to registered users only
Text (CHAPTER V): 06 BAB 5.pdf (30kB), restricted to registered users only
Text (BIBLIOGRAPHY): 07 DAFTAR PUSTAKA.pdf (95kB), restricted to registered users only
Text (APPENDICES): 08 LAMPIRAN.pdf (663kB), restricted to registered users only
Abstract
The digitization of agencies, especially local governments, has made web applications the main platform for public services. However, this growth has not been matched by a corresponding strengthening of security systems. A 2024 report by the BSNN Institute noted that the government sector is vulnerable to cyber attacks through security holes in web applications. This research aims to analyze the security risks in a simulation website based on the Damn Vulnerable Web App (DVWA). It uses the penetration testing method with a Black-Box approach to identify and exploit weaknesses such as SQL Injection, Cross Site Scripting, Command Injection and File Upload. Each exploit result is evaluated and fixed by modifying the source code. The risk level is evaluated using the CVSS version 4.0 standard. The results show that the vulnerabilities can be exploited, with CVSS scores ranging from 6.1 (moderate level) to 9.1 (critical level). All exploitation and evaluation processes will be neatly documented to provide a concrete picture of potential threats and workable technical solutions. This research contributes a complete case study covering exploitation, technical countermeasures, and simulation-based risk evaluation of local information systems.

Keywords: Web Security, Penetration Testing, DVWA, CVSS v4.0, SQL Injection, XSS, Command Injection, File Upload