ANALISIS KERENTANAN WEBSITE XYZ REPOSITORY MANAGEMENT PROJECT

Abstract

The XYZ Repository Management Project website is a platform used to manage, develop, and collaborate on the digital work of informatics students. The security of this website is very important to maintain the confidentiality and integrity of data. This study aims to analyze the vulnerability of the XYZ Repository Management Project website. This study uses the Penetration Testing and Vulnerability Scanning methods to identify and evaluate various vulnerabilities on the XYZ Repository Management Project website. The research methodology involves several stages, namely information collection, penetration testing based on NIST (National Institute of Standards and Technology) standards which include several stages, namely planning, discovery, attack and reporting. The tools used in this test include open-source software such as OWASP ZAP, Burp Suite, and Nmap. The results of the study indicate that there are several vulnerabilities on the XYZ Repository Management Project website. These vulnerabilities include the disclosure of info.php file configuration information, IDOR URL Manipulation that displays user email information and indicates that there is a significant gap in the security protection of the website. The implications of these findings will be further analyzed to provide appropriate mitigation recommendations. This research is expected to contribute to improving the security of the XYZ Repository Management Project website and provide insight for developers and system administrators in managing and improving their systems. The results of this study also emphasize the importance of implementing periodic security testing to identify and address vulnerabilities that may arise along with the development of new technologies and attack methods.