Design and Development of a Vulnerability Detection Application for Laravel-Based Websites Using a Dynamic Application Security Testing Approach with the Black Box Method

Pranata, Tunas Abdi (2026) Design and Development of a Vulnerability Detection Application for Laravel-Based Websites Using a Dynamic Application Security Testing Approach with the Black Box Method. Other thesis, Institut Teknologi Sepuluh Nopember.

5025221043-Undergraduate_Thesis.pdf - Accepted Version
Restricted to Repository staff only

Abstract

Laravel is one of the PHP frameworks widely used in modern website development because it provides a Model-View-Controller architecture, a broad ecosystem, and various built-in security features. However, deploying Laravel in a production environment may still introduce security vulnerabilities if developers make configuration errors. This indicates the need for an automated security testing mechanism that can be executed without requiring access to the website source code. This final project designs and develops a vulnerability detection application named LVscanner, which is intended for Laravel-based websites. The application is developed using a Dynamic Application Security Testing (DAST) approach with the black box method. LVscanner implements a Laravel detection module, vulnerability scanning modules, a concurrent scanning mechanism, and an automated reporting module in PDF format. The types of vulnerabilities detected include Environment Exposure, Log File Exposure, Git Exposure, PHPInfo Exposure, Administrator Register Enabled, Debug Mode Enabled, Cross-site Scripting, SQL Injection, and several CVEs relevant to Laravel. The testing results on target websites show that, out of 51 accessible targets, 25 websites were identified as using the Laravel framework. On these targets, LVscanner found 17 Debug Mode Enabled findings, 1 Administrator Register Enabled finding, and 1 Cross-site Scripting finding. In terms of performance, the use of 20 threads produced the best scanning time, which was 13 minutes and 19 seconds for 51 targets. Based on these results, LVscanner can be used as an initial tool to automatically identify vulnerabilities in Laravel-based websites.

Item Type: Thesis (Other)
Uncontrolled Keywords: Black Box, CVE, DAST, Laravel, Penetration Testing, Security Misconfiguration, Vulnerability.
Subjects: Q Science > QA Mathematics > QA76 Computer software
Q Science > QA Mathematics > QA76.758 Software engineering
Divisions: Faculty of Intelligent Electrical and Informatics Technology (ELECTICS) > Informatics Engineering > 55201-(S1) Undergraduate Thesis
Depositing User: Tunas Abdi Pranata
Date Deposited: 15 Jun 2026 05:48
Last Modified: 15 Jun 2026 05:48
URI: http://repository.its.ac.id/id/eprint/133773
