
Search Results

Found 13264 documents matching the query
"The basics of web hacking introduces you to a tool-driven process to identify the most widespread vulnerabilities in Web applications. No prior experience is needed. Web apps are a "path of least resistance" that can be exploited to cause the most damage to a system, with the lowest hurdles to overcome. This is a perfect storm for beginning hackers. The process set forth in this book introduces not only the theory and practical information related to these vulnerabilities, but also the detailed configuration and usage of widely available tools necessary to exploit these vulnerabilities.
The basics of web hacking provides a simple and clean explanation of how to utilize tools such as Burp Suite, sqlmap, and Zed Attack Proxy (ZAP), as well as basic network scanning tools such as nmap, Nikto, Nessus, Metasploit, John the Ripper, web shells, netcat, and more. Dr. Josh Pauli teaches software security at Dakota State University and has presented on this topic to the U.S. Department of Homeland Security, the NSA, BlackHat Briefings, and Defcon. He will lead you through a focused, three-part approach to Web security, including hacking the server, hacking the Web app, and hacking the Web user.
With Dr. Pauli’s approach, you will fully understand the what/where/why/how of the most widespread Web vulnerabilities and how easily they can be exploited with the correct tools. You will learn how to set up a safe environment to conduct these attacks, including an attacker Virtual Machine (VM) with all necessary tools and several known-vulnerable Web application VMs that are widely available and maintained for this very purpose."
Waltham, MA: Syngress, 2013
e20427748
eBooks  Universitas Indonesia Library
Shema, Mike
"How can an information security professional keep up with all of the hacks, attacks, and exploits on the Web? One way is to read Hacking Web Apps. The content for this book has been selected by author Mike Shema to make sure that we are covering the most vicious attacks out there."
London: Elsevier, 2012
005.8 SHE h
Textbook  Universitas Indonesia Library
Zana Niswah Awahita
"The increasing use of the internet for a wide range of purposes, including business, has led to a significant growth in the amount of data stored and exposed online. However, this increase in data is not matched by an awareness of the importance of its confidentiality and security. This situation creates the potential for cybercrime, which can cause substantial harm, including damage to the reputation of a company or organization and financial losses. Therefore, this research aims to identify vulnerabilities in a web application used as an asset tracking and monitoring system. The study employs a penetration testing approach using the OWASP (Open Worldwide Application Security Project) framework. This framework focuses on web application security, making it suitable for the research's testing targets. The study involves information gathering and three testing methods from the OWASP WSTG: authentication testing, authorization testing, and input validation testing, using a total of eight selected testing methods. The penetration testing results revealed four exploitable vulnerabilities. These vulnerabilities were analyzed using the OWASP Risk Rating Methodology, resulting in a final likelihood score of 6.5 (HIGH) and an impact score of 3.21 (MEDIUM). These results indicate that the overall risk severity of the tested web application has a high level of vulnerability."
Depok: Fakultas Teknik Universitas Indonesia, 2024
S-pdf
UI - Undergraduate Thesis Membership  Universitas Indonesia Library
Fransiska Dyah Ayu Oktaviani
"Along with the growth of applications, especially website-based applications, there are also more attacks that can threaten the applications that have been made. One of the most common attacks is SQL Injection. Therefore, this thesis will discuss the implementation and development of an SQL Injection detection tool based on OWASP Code Review. Testing is done by comparing files containing HTML and PHP code with parameters that have been determined. Based on OWASP Code Review, the parameters used in this test are the use of hashing, database extension, data sanitation and validation, as well as prepared statements. The results of this research indicate that the tool created can test uploaded files accurately."
Depok: Fakultas Ekonomi dan Bisnis Universitas Indonesia, 2017
S68690
UI - Undergraduate Thesis Membership  Universitas Indonesia Library
Faris Humam
"Phishing is a type of fraud on the Internet in the form of fake web pages that mimic the original web pages to trick users into sending sensitive information to the phisher. The statistics presented by APWG and PhishTank show that the number of phishing websites from 2015 to 2020 tends to increase continuously. To overcome this problem, several studies have been carried out, including detecting phishing web pages using various features of web pages with various methods. Unfortunately, the use of several methods is not effective because the design and evaluation are too focused on the achievement of detection accuracy in research, while the evaluation does not represent application in the real world. A security detection device, however, should be effective, perform well, and be deployable. In this study the authors evaluated several methods and proposed a rules-based application that can detect phishing more efficiently."
Depok: Fakultas Ilmu Komputer Universitas Indonesia, 2020
T-pdf
UI - Master's Thesis Membership  Universitas Indonesia Library
Winterfeld, Steve
"Contents: Cyber threatscape -- Cyberspace battlefield operations -- Cyber doctrine -- Tools and techniques -- Offensive tactics and procedures -- Psychological weapons -- Defensive tactics and procedures -- Challenges we face -- Where is cyber warfare headed?"
Singapore: Elsevier, 2013
355.343 WIN b
Textbook  Universitas Indonesia Library
Aprilia Rahmawati
"The rapid development of information technology is currently in line with the development of Android-based applications and websites. Websites are generally used as a medium of information and communication, which of course has a very important role. However, it is possible that there are threats related to the security gaps of a website, whether cyber crime, data leaks, data theft, and damage to data or just wanting to disrupt the system. An example is the Digital Outlet admin website, which is the center of managing a website application. The admin website has stored important sensitive data and information on its users. So, there needs to be special attention regarding the security of the website. In this research, vulnerability assessment and penetration testing will be carried out on the Digital Outlet website using the Information System Security Assessment Framework (ISSAF) method by conducting tests to find security holes that commonly occur on the website, especially security holes in Broken Access Control, Cross Site Scripting (XSS), SQL Injection, and so on. The results of the vulnerability test analysis research obtained on the Digital Outlet website will later be used to improve and increase security on the website and become a reference in providing recommendations related to the development of the Basic Development Framework (BDF) framework for managing the design and build structure of a good and safe website."
Depok: Fakultas Teknik Universitas Indonesia, 2023
S-pdf
UI - Undergraduate Thesis Membership  Universitas Indonesia Library
Schiffman, Mike
New York : Wiley, 2003
005.8 SCH b (1)
Textbook  Universitas Indonesia Library
Revient Noor Ode
"Traffic is a major problem in large cities, which requires wireless infrastructure that controls traffic density. Vehicular Ad-hoc Network (VANET), which provides communication among vehicles, can solve the main problem of traffic congestion. VANET requires dynamic routing protocols such as the AODV routing protocol and its extensions such as AODV-UU. The Manhattan map is used in this simulation because it represents the condition of a big city. The VANET network simulation with the AODV routing protocol uses Network Simulator 2 (NS2) with a scenario of increasing traffic density. We simulate the routing protocols AODV, AODV-UU, and AODV with malicious node attacks on the Manhattan mobility model.
The simulation results show that VANET is more effective and efficient using AODV-UU than the other routing protocols, because the AODV-UU routing protocol has fast computation in transferring data. The results of the VANET simulation experiments with the AODV-UU routing protocol gave an average delay of 16.56 ms, average packet loss of 0.228%, and average throughput of 159.64 ms. In the VANET network simulation using the AODV routing protocol with malicious node attacks, the packet loss values were very large, from 30% to 50%. These results show that malicious hacker attacks on a VANET network using the AODV routing protocol will decrease the Quality of Service (QoS) performance."
Depok: Fakultas Teknik Universitas Indonesia, 2015
T44309
UI - Master's Thesis Membership  Universitas Indonesia Library