Vulnerability Testing and Analysis on Websites and Web-Based Applications in the XYZ Faculty Environment Using Acunetix Vulnerability
The internet's continuous evolution has profoundly impacted society through the advancement of website technology and applications, reshaping contemporary ways of life. These digital platforms offer unrestricted information access, overcoming spatial and temporal limitations. In the re...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Andalas University
2024-12-01
|
| Series: | JITCE (Journal of Information Technology and Computer Engineering) |
| Subjects: | |
| Online Access: | http://10.250.30.20/index.php/JITCE/article/view/222 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | The internet's continuous evolution has profoundly impacted society through the advancement of website technology and applications, reshaping contemporary ways of life. These digital platforms offer unrestricted information access, overcoming spatial and temporal limitations. In the realm of software development, Vulnerability Assessment is essential for producing high-quality products, as seemingly minor errors can create dangerous vulnerabilities that malicious actors may exploit to pilfer information from websites or applications. This study examines the security level of the Integrated website and application within the Faculty of Medicine, Universitas Andalas (Fakultas XYZ) environment, utilizing the Acunetix Web Vulnerability Scanner tool. The initial scan revealed a threat level of 3 (high) for the Fakultas XYZ website and level 2 (medium) for the Integrated application. Following a recapitulation process, several web alerts were identified for optimization, including Cross-Site Scripting (XSS), Blind SQL Injection, Application error message, HTML form without CSRF protection, Development configuration file, Directory listing, Error message on page, and User credentials sent in clear text. The optimization process involved source code review and enhancement to improve website features. A subsequent scan post-optimization demonstrated a reduction in threat levels for both the website and the UNAND FK Symphony application, with both achieving threat level 1 (low).
|
|---|---|
| ISSN: | 2599-1663 |