Internship Report, 24 February - 24 August 2025, at the Direktorat Pengembangan Teknologi dan Sistem Informasi (DPTSI) ITS

Pranata, Tunas Abdi (2025) Internship Report, 24 February - 24 August 2025, at the Direktorat Pengembangan Teknologi dan Sistem Informasi (DPTSI) ITS. Project Report. [s.n.], [s.l.]. (Unpublished)

5025221043-Project_Report.pdf - Accepted Version
Restricted to Repository staff only


Abstract

DPTSI ITS, as the provider of information technology services, plays a crucial role in supporting academic, administrative, and digital services within Institut Teknologi Sepuluh Nopember. With the increasing reliance on information systems, security has become a critical aspect in ensuring the confidentiality, integrity, and availability of data. This internship focuses on the implementation and evaluation of information system security testing through a penetration testing approach. The testing methodology follows the OWASP Top 10 framework, and risk assessment is carried out using CVSS v3. The testing process consists of several stages: information gathering, vulnerability assessment, exploitation, and report preparation. The results revealed several vulnerabilities in the system, including Insecure Direct Object References (IDOR), Broken Access Control (BAC), lack of rate limiting in the Forgot Password mechanism, SQL Injection, and Price Manipulation. These vulnerabilities range from medium to high risk and could potentially be exploited for unauthorized access or data manipulation. Based on the evaluation, stricter security controls are required, such as role-based access control (RBAC), rate limiting, input and output validation, and the use of indirect references for sensitive objects. Applying these recommendations is expected to improve the overall security of information systems at DPTSI ITS.

Item Type: Monograph (Project Report)
Uncontrolled Keywords: Penetration Testing, Information Systems, Web Application Security, OWASP Top 10, CVSS v3
Subjects: T Technology > T Technology (General)
T Technology > T Technology (General) > T58.5 Information technology. IT--Auditing
Divisions: Faculty of Intelligent Electrical and Informatics Technology (ELECTICS) > Informatics Engineering > 55201-(S1) Undergraduate Thesis
Depositing User: Tunas Abdi Pranata
Date Deposited: 23 Sep 2025 08:12
Last Modified: 23 Sep 2025 08:12
URI: http://repository.its.ac.id/id/eprint/128380
