EVALUASI KEAMANAN SISTEM INFORMASI KEUANGAN SEKOLAH PAUD BERBASIS LARAVEL FILAMENT 3 MENGGUNAKAN PENETRATION TESTING

Dawam Agung Pribadi; Wiwin  Winarti

doi:10.23960/jitet.v14i1.8284

Authors

Dawam Agung Pribadi Universitas Pamulang
Wiwin Winarti Universitas Pamulang

DOI:

https://doi.org/10.23960/jitet.v14i1.8284

Abstract Views: 56 File Views: 27

Keywords:

Laravel, Filament 3, Penetration Testing, OWASP Top 10, Keamanan Aplikasi Web

Abstract

In the context of educational digitalization, data security becomes a critical factor, particularly in protecting sensitive information such as financial transactions and user data. Therefore, it is essential to conduct an in-depth evaluation of application security aspects. This study aims to assess the system’s security level through the implementation of penetration testing based on the OWASP Top 10 standard. The testing was carried out using OWASP Zed Attack Proxy (ZAP) version 2.16.1 with a black-box testing approach. The results revealed several medium-level vulnerabilities, including Cookie Without Secure Flag, Content Security Policy (CSP) Header Not Set, and Missing Anti-clickjacking Header. This research provides mitigation recommendations to enhance application security, such as reconfiguring security headers, implementing Secure and HttpOnly flags, and applying a Content Security Policy (CSP).

Downloads

Download data is not yet available.

References

Abdullah and M. Koprawi, “Analisis Keamanan Website Pada Instansi XYZ Melalui Penetration Testing,” vol. 5, no. 1, pp. 547–555, 2025.

R. A. Putra et al., “IMPLEMENTASI SISTEM PELAPORAN DIGITAL DI BSIP,” vol. 13, no. 2, pp. 871–877, 2025.

Y. F. Baihaqi, T. Sumarni, F. Rusghana, M. Andrie, U. T. Digital, and U. T. Digital, “PERANCANGAN APLIKASI MOBILE KEUANGAN,” vol. 13, no. 3.

A. Fajarino, Y. N. Kunang, H. M. Yudha, E. S. Negara, and N. Rosa, “Evaluasi dan Peningkatan Keamanan Pada Sistem Informasi Akademik Universitas XYZ Palembang,” vol. 7, no. September, pp. 991–1005, 2023.

S. L. Mulyana, “IMPLEMENTASI CYBER SECURITY DALAM SISTEM TRANSAKSI KEUANGAN DIGITAL Aiva,” vol. 2, no. 4, pp. 276–289, 2025.

A. Z. Ifani, N. F. Aspar, A. Dani, and S. Muhammad, “Pengujian Keamanan Sistem Informasi Data Kependudukan Menggunakan Metode Pentetration Testing,” vol. 09, no. 02, pp. 73–78, 2024.

D. F. Priambodo et al., “XYZ Web Penetration Testing Based on OWASP Risk Rating,” vol. 12, no. 1, pp. 33–46, 2023, doi: 10.34148/teknika.v12i1.571.

A. Fatihah and P. Dinarto, “Analisis Keamanan Aplikasi Website Menggunakan Metode Penetration Testing Berdasarkan Framework ISSAF Pada Perusahaan Daerah XYZ,” vol. 4, pp. 4536–4549, 2024.

S. Nurul, S. Anggrainy, and S. Aprelyani, “FAKTOR-FAKTOR YANG MEMPENGARUHI KEAMANAN SISTEM INFORMASI : KEAMANAN INFORMASI , TEKNOLOGI INFORMASI DAN NETWORK ( LITERATURE REVIEW SIM ),” vol. 3, no. 5, pp. 564–573, 2022.

I. G. Handika and A. Purbasari, “Pemanfaatan Framework Laravel Dalam Pembangunan Aplikasi E-Travel Berbasis Website,” pp. 8–9, 2018.

F. Sinlae, E. Irwanda, Z. Maulana, and V. E. Syahputra, “Penggunaan Framework Laravel dalam Membangun Aplikasi Website Berbasis PHP,” vol. 2, no. 2, pp. 119–132, 2024.

A. I. Rafeli, H. B. Seta, and I. W. Widi, “Pengujian Celah Keamanan Menggunakan Metode OWASP Web Security Testing Guide ( WSTG ) pada Website XYZ,” vol. 4221, pp. 97–103, 2022.

S. Hidayatulloh and D. Saptadiaji, “Penetration Testing pada Website Universitas ARS Menggunakan Open Web Application Security Project ( OWASP ),” pp. 77–86, 2021.

F. Yudha, A. Muhammad, and P. Muryadi, “PERANCANGAN APLIKASI PENGUJIAN CELAH KEAMANAN PADA APLIKASI BERBASIS WEB,” vol. 1, no. 1, pp. 1–6, 2018.

OWASP Foundation. (2021). OWASP Top 10 – The Ten Most Critical Web Application Security Risks (2021 Edition). https://owasp.org/Top10/2021/