ANALISIS KERENTANAN DAN PENGUJIAN KEAMANAN PADA WEBSITE PROFIL SMKN 1 JAKARTA MENGGUNAKAN STANDAR NIST SP 800-115

KHANSA SYAFIQ ABRARY, . (2025) ANALISIS KERENTANAN DAN PENGUJIAN KEAMANAN PADA WEBSITE PROFIL SMKN 1 JAKARTA MENGGUNAKAN STANDAR NIST SP 800-115. Sarjana thesis, UNIVERSITAS NEGERI JAKARTA.

	Text COVER.pdf Download (1MB)
	Text BAB 1.pdf Download (439kB)
	Text BAB 2.pdf Restricted to Registered users only Download (805kB) | Request a copy
	Text BAB 3.pdf Restricted to Registered users only Download (609kB) | Request a copy
	Text BAB 4.pdf Restricted to Registered users only Download (1MB) | Request a copy
	Text BAB 5.pdf Restricted to Registered users only Download (272kB) | Request a copy
	Text Daftar Pustaka.pdf Download (273kB)
	Text Lampiran.pdf Restricted to Registered users only Download (1MB) | Request a copy

Abstract

Perkembangan teknologi informasi dan komunikasi yang pesat telah menjadikan website sebagai media utama dalam distribusi informasi, termasuk dalam sektor pendidikan. Namun, tingginya tingkat pemanfaatan website publik tidak diimbangi dengan kesadaran keamanan yang memadai, sehingga meningkatkan potensi serangan siber. Fenomena serangan siber menimbulkan risiko kebocoran data pribadi dan pelanggaran terhadap Undang-Undang Nomor 27 Tahun 2022 tentang Perlindungan Data Pribadi (UU PDP). Penelitian ini bertujuan untuk mengidentifikasi dan mendokumentasikan kerentanan pada website xxx.jkt.xxx.id melalui pendekatan black box-testing berbasis standar NIST SP 800-115. Metodologi yang digunakan terdiri dari empat tahap utama yaitu planning, discovery, attack, dan reporting. Parameter evaluasi dalam penelitian ini meliputi identifikasi risiko menggunakan tools seperti OWASP ZAP, Nmap, validasi eksploitasi, dan analisis terhadap tingkat risiko berdasarkan kategori OWASP Top 10. 2021 Hasil pengujian menunjukkan terdapat 24 temuan celah keamanan, dengan lima di antaranya divalidasi sebagai kerentanan aktif berisiko sedang hingga tinggi. Beberapa di antaranya adalah ketiadaan Content-Security-Policy, Cross-Domain Misconfiguration, dan Missing Anti-clickjacking Header, yang memungkinkan terjadinya serangan seperti XSS dan clickjacking. Empat dari lima confidence yang diuji terbukti valid dalam pengujian adalah content security policy, cross-domain misconfiguration, HTTP to HTTPS Insecure Transition in Form Post , dan missing anti-clickjacking header . Dari hasil pengujian dapat disimpulkan bahwa website SMKN 1 Jakarta masih memiliki banyak celah keamanan yang belum terdokumentasi dan tervalidasi secara sistematis. ***** The rapid development of information and communication technology has made websites the primary medium for information dissemination, including in the education sector. However, the high level of public website utilization is not accompanied by adequate security awareness, thereby increasing the potential for cyberattacks. These attacks pose risks of personal data leakage and violations of Law No. 27 of 2022 on Personal Data Protection (PDP Law). This study aims to identify and document vulnerabilities on the website xxx.jkt.xxx.id using a black-box testing approach based on the NIST SP 800-115 standard. The methodology consists of four main stages: planning, discovery, attack, and reporting. Evaluation parameters include risk identification using tools such as OWASP ZAP and Nmap, exploitation validation, and risk level analysis based on the OWASP Top 10 (2021). The results reveal 24 security vulnerabilities, five of which are validated as active threats with medium to high risk levels. Some of these include the absence of a Content-Security-Policy, Cross-Domain Misconfiguration, and Missing Anti-Clickjacking Header, which enable attacks such as XSS and clickjacking. Four out of five confidences that were tested and confirmed as valid include Content Security Policy, Cross-Domain Misconfiguration, HTTP to HTTPS Insecure Transition in Form Post, and Missing Anti-Clickjacking Header. Based on these findings, it can be concluded that the SMKN 1 Jakarta website still contains numerous undocumented and unvalidated security gaps, highlighting the need for systematic security evaluation.

Item Type:	Thesis (Sarjana)
Additional Information:	1). Muhammad Ficky Duskarnaen, M.Sc. ; 2). Ali Idrus, S.Kom., M.Kom.
Subjects:	Teknologi dan Ilmu Terapan > Teknik Komputer
Divisions:	FT > S1 Pendidikan Teknik Informatika Komputer
Depositing User:	Users 28149 not found.
Date Deposited:	04 Aug 2025 03:50
Last Modified:	04 Aug 2025 03:50
URI:	http://repository.unj.ac.id/id/eprint/57514

Actions (login required)

View Item