Pengujian Keamanan Website XYZ Menggunakan Metode Vulnerability Assessment & Penetration Testing

Authors

  • Ian Vemas Silalahi Politeknik Negeri Bengkalis, Riau, Indonesia
  • Kasmawi Kasmawi Politeknik Negeri Bengkalis, Riau, Indonesia

DOI:

https://doi.org/10.62411/tc.v24i3.13724

Abstract

Keamanan website khususnya pada bidang e-commerce menjadi aspek yang perlu diperhatikan dalam menerapkan Cloudflare dan Strict-Transport-Security Header untuk menjaga ketersediaan data guna meningkatkan kepercayaan customer ataupun supplier. Penelitian ini bertujuan untuk menguji keamanan website XYZ dengan menggunakan metode Vulnerability Assessment Penetration Testing (VAPT). Penerapan metode VAPT memiliki 4 tahapan yang dimulai dari information gathering, vulnerability scanning, penetration testing, dan report and result. Metode pengujian yang digunakan dengan teknik Disributed Denial of Service (DDoS), Clickjacking dan Cross Site Request Forgery (CSRF). Hasil penelitian menunjukkan bahwa website tidak aman dari serangan DDoS yang ditemukan pada port 80 berdasarkan hasil scanning port yang terbuka menggunakan nmap, dan dengan teknik CSRF pada elemen login yang tidak menggunakan anti-token CSRF. Untuk menghindari serangan DDoS dan CSRF maka pencegahannya adalah menggunakan Cloudflare, framework Laravel, konfigurasi X-Frame-Option-Header, menerapkan Content Security Policy (CSP) dan HTTP Strict-Transport-Security (HSTS).   Kata kunci - Keamanan Website, VAPT, DDoS Attack, Clickjacking, CSRF Attack

Downloads

Published

2025-08-18

Issue

Vol. 24 No. 3 (2025): Agustus 2025

Section

Articles

License

Copyright (c) 2025 Ian Vemas Silalahi, Kasmawi Kasmawi

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

 

License Terms

All articles published in Techno.COM Journal are licensed under the Creative Commons Attribution-NonCommercial 4.0 International (CC BY-NC 4.0). This means:

1. Attribution

Readers and users are free to:

  • Share – Copy and redistribute the material in any medium or format.

  • Adapt – Remix, transform, and build upon the material.

As long as proper credit is given to the original work by citing the author(s) and the journal.

2. Non-Commercial Use

  • The material cannot be used for commercial purposes.

  • Commercial use includes selling the content, using it in commercial advertising, or integrating it into products/services for profit.

3. Rights of Authors

  • Authors retain copyright and grant Techno.COM Journal the right to publish the article.

  • Authors can distribute their work (e.g., in institutional repositories or personal websites) with proper acknowledgment of the journal.

4. No Additional Restrictions

  • The journal cannot apply legal terms or technological measures that restrict others from using the material in ways allowed by the license.

5. Disclaimer

  • The journal is not responsible for how the published content is used by third parties.

  • The opinions expressed in the articles are solely those of the authors.

For more details, visit the Creative Commons License Page:
? https://creativecommons.org/licenses/by-nc/4.0/

 

Most read articles by the same author(s)

Obs.: This plugin requires at least one statistics/report plugin to be enabled. If your statistics plugins provide more than one metric then please also select a main metric on the admin's site settings page and/or on the journal manager's settings pages.