Implementasi Metode Penetration Testing pada Layanan Keamanan Sistem Kartu Transaksi Elektronik Wahana Permainan

Authors

  • Farniwati Fattah Universitas Muslim Indonesia
  • Aulia Maharani Putri Univeritas Muslim Indonesia
  • Huzain Azis Universitas Muslim Indonesia https://orcid.org/0000-0002-3968-9891

DOI:

https://doi.org/10.62411/tc.v23i1.9488

Keywords:

Penetration Testing, Magnetic Stripe Card, Layanan Keamanan, Ancaman Keamanan,

Abstract

Penggunaan kartu magnetic stripe pada wahana permainan rentan terhadap akses yang tidak sah, seperti skimming, yang dapat merugikan pengelola dan penyedia wahana. Penetration testing merupakan metode yang dapat digunakan untuk mengidentifikasi dan eksploitasi kerentanan. Pada pengujian penetration testing terdapat tujuh fase yang digunakan yaitu pre-engagement, information gathering, threat modeling, vulnerability analysis, exploitation, post exploitation, dan reporting. Dalam Penelitian sebelumnya menunjukkan bahwa komunikasi antara magnetic stripe reader dan komputer utama dilakukan melalui koneksi kabel, yang menghasilkan layanan confidentiality dan availability. Namun, pada penelitian ini, pengimplementasian penetration testing menggunakan koneksi nirkabel menghasilkan temuan bahwa layanan keamanan yang tersedia adalah availability. Oleh karena itu, dapat disimpulkan bahwa komunikasi baik melalui koneksi kabel maupun nirkabel tidak terdapat layanan keamanan integrity. Rekomendasi bagi  penyedia layanan untuk meningkatkan kemanan kartu di lokasi tersebut dengan menerapkan enkripsi data.

References

Y. Salim and H. Azis, “Sistem Penanda Kepemilikan File Dokumen Menggunakan Metode Digital Watermark Pada File Penelitian Dosen Universitas Muslim Indonesia,” Ilk. J. Ilm., vol. 9, no. 2, pp. 161–166, Aug. 2017, doi: 10.33096/ilkom.v9i2.125.161-166.

R. Muzawi and N. Sahrun, “Aplikasi Kartu Magnetik Absensi Karyawan Menggunakan Personal Computer dan Bahasa Pemrograman,” JIKB.Jur.il.kom.bis, vol. 9, no. 2, pp. 2070–2076, Nov. 2018, doi: 10.47927/jikb.v9i2.137.

Yulianti, “Perlindungan Nasabah Bank dari Tindakan Kejahatan Skimming di Tinjau dari Undang Undang Nomor 21 Tahun 2011 tentang Otoritas Jasa Keuangan.,” Jurnal Hukum, vol. 3, no. 2, pp. 195–204, 2020, doi: 10.31328/wy.v3i2.1663.

G. Suprianto, “Penetration Testing Pada Sistem Informasi Jabatan Universitas Hayam Wuruk Perbanas,” InComTech, vol. 12, no. 2, pp. 129–138, Aug. 2022, doi: 10.22441/incomtech.v12i2.15093.

H. Azis and F. Fattah, “Analisis Layanan Keamanan Sistem Kartu Transaksi Elektronik Menggunakan Metode Penetration Testing,” Ilk. J. Ilm., vol. 11, no. 2, pp. 167–174, Aug. 2019, doi: 10.33096/ilkom.v11i2.447.167-174.

R. N. Dasmen, R. Rasmila, T. L. Widodo, K. Kundari, and M. T. Farizky, “Pengujian Penetrasi Pada Website elearning2.binadarma.ac.id dengan Metode PTES (Penetration Testing Execution Standard),” jicon, vol. 11, no. 1, pp. 91–95, Mar. 2023, doi: 10.35508/jicon.v11i1.9809.

Andi, Keamanan Sistem Informasi. Yogyakarta: IBISA, 2011.

B. Rahardjo, Keamanan Sistem Informasi Berbasis Internet. Bandung, 2002.

D. Darwis, A. Junaidi, and Wamiliana, “A New Approach of Steganography Using Center Sequential Technique,” J. Phys.: Conf. Ser., vol. 1338, no. 1, p. 012063, Oct. 2019, doi: 10.1088/1742-6596/1338/1/012063.

M. B. Yel and M. K. M. Nasution, “Keamanan Informasi Data Pribadi Pada Media Sosial,” JIK, vol. 6, no. 1, pp. 92–101, Jan. 2022, doi: 10.59697/jik.v6i1.144.

D. Satrinia, S. N. Yutia, and I. M. M. Matin, “Analisis Keamanan dan Kenyamanan pada Cloud Computing,” Journal of Informatics and Communications Technology (JICT), vol. 4, no. 1, 2022, doi: 10.52661.

G. Weidman, Penetration Testing a Hands-on Introduction to Hacking. USA: no strach press, 2014.

A. A. B. A. Wiradarma and G. M. A. Sasmita, “It Risk Management Based on ISO 31000 and OWASP Framework using OSINT at the Information Gathering Stage (Case Study: X Company),” IJCNIS, vol. 11, no. 12, pp. 17–29, Dec. 2019, doi: 10.5815/ijcnis.2019.12.03.

A. Shanley and M. Johnstone, “Selection of Penetration Testing Methodologies: A Comparison and Evaluation,” in 13th Australian Information Security Management Conference, Western Australia.: Security Research Institute (SRI), Edith Cowan University, 2015, pp. 65–72. doi: 10.4225/75/57B69C4ED938D.

Y. A. Pohan, “Meningkatkan Keamanan Webserver Aplikasi Pelaporan Pajak Daerah Menggunakan Metode Penetration Testing Execution Standar,” JSisfotek, pp. 1–6, Mar. 2021, doi: 10.37034/jsisfotek.v3i1.36.

Y. Mulyanto, H. Herfandi, and R. Candra Kirana, “Analisis Keamanan Wireless Local Area Network (WLAN) Terhadap Serangan Brute Force dengan Metode Penetration Testing (Studi Kasus:Rs H.Lmanambai Abdulkadir),” JINTEKS, vol. 4, no. 1, pp. 26–35, Feb. 2022, doi: 10.51401/jinteks.v4i1.1528.

B. Parga Zen, Satria Galang Saputra, and Abdurahman, “Analisis Keamanan Jaringan Wireless Menggunakan Metode Penetration Testing Execution Standard (PTES),” JSIG, vol. 1, no. 2, pp. 43–51, Jul. 2023, doi: 10.25157/jsig.v1i2.3152.

R. Umar, I. Riadi, and M. I. A. Elfatiha, “Analisis Keamanan Sistem Informasi Akademik Berbasis Web Menggunakan Framework ISSAF,” Jurnal Ilmiah Teknik Informatika dan Sistem Informasi, vol. 12, no. 1, pp. 280–292, Apr. 2023.

F. Fachri, “Optimasi Keamanan Web Server terhadap Serangan Brute-Force Menggunakan Penetration Testing,” JTIIK, vol. 10, no. 1, pp. 51–58, Feb. 2023, doi: 10.25126/jtiik.20231015872.

Y. Mulyanto and A. A. Fari, “Analisis Keamanan Login Router Mikrotik dari Serangan Bruteforce Menggunakan Metode Penetration Testing,” JINTEKS (Jurnal Informatika Teknologi dan Sains), vol. 4, no. 3, pp. 145–155, Agustus 2022.

Downloads

Published

2024-06-21

Issue

Vol. 23 No. 1 (2024): Februari 2024

Section

Articles

License

 

License Terms

All articles published in Techno.COM Journal are licensed under the Creative Commons Attribution-NonCommercial 4.0 International (CC BY-NC 4.0). This means:

1. Attribution

Readers and users are free to:

  • Share – Copy and redistribute the material in any medium or format.

  • Adapt – Remix, transform, and build upon the material.

As long as proper credit is given to the original work by citing the author(s) and the journal.

2. Non-Commercial Use

  • The material cannot be used for commercial purposes.

  • Commercial use includes selling the content, using it in commercial advertising, or integrating it into products/services for profit.

3. Rights of Authors

  • Authors retain copyright and grant Techno.COM Journal the right to publish the article.

  • Authors can distribute their work (e.g., in institutional repositories or personal websites) with proper acknowledgment of the journal.

4. No Additional Restrictions

  • The journal cannot apply legal terms or technological measures that restrict others from using the material in ways allowed by the license.

5. Disclaimer

  • The journal is not responsible for how the published content is used by third parties.

  • The opinions expressed in the articles are solely those of the authors.

For more details, visit the Creative Commons License Page:
? https://creativecommons.org/licenses/by-nc/4.0/

 

Most read articles by the same author(s)

Obs.: This plugin requires at least one statistics/report plugin to be enabled. If your statistics plugins provide more than one metric then please also select a main metric on the admin's site settings page and/or on the journal manager's settings pages.