期刊名称:International Journal of Computer Network and Information Security
印刷版ISSN:2074-9090
电子版ISSN:2231-4946
出版年度:2019
卷号:11
期号:7
页码:8-12
DOI:10.5815/ijcnis.2019.07.02
出版社:MECS Publisher
摘要:The application of technology in various fields makes mobility even higher, one of them is by making a website for exchange and manage information. However, with information disclosure causing security and protection issues to be considered. One of the website security techniques can be done by using the penetration testing method to know the vulnerability of the system. This study will implement tools with the Open Source Intelligence concept, namely Maltego as a medium for conducting security testing and using the OWASP version 4 framework as a standardization of steps taken when security test goes on. This study will focus on information gathering security testing of important factor of the X Company's website. The results of testing and analysis with the OWASP version 4 framework with the Testing for Information Gathering module show that the web application system used by X Company has information vulnerability of the used web server version, GET and POST requests, URL systematics, website framework, website builder component, and the outline of the website architecture. The researcher gave several recommendations related to the vulnerability of the website which later can be used by X Company website administrators to improve website security and protection.
