Vulnerability Analysis of the KALAM UMI Website Using Penetration Testing
DOI: https://doi.org/10.56705/ijonit.v1i2.171
Abstract
KALAM is a web-based online learning platform provided by Universitas Muslim Indonesia (UMI) and hosted on servers managed by the Center for Data and Information Technology (PDTI). In practice, KALAM still exhibits security weaknesses that could be exploited by unauthorized parties for personal gain. One identified weakness lies on the login page, which lacks a CAPTCHA mechanism, thereby enabling brute-force and SQL injection attacks. Potential abuses include altering and exfiltrating data. The researcher employed initial seed data in the form of usernames to identify accounts that could be forcibly accessed. Two outcomes were observed: a response value of 200 indicates that the account can be attacked, whereas a value of 303 signifies that the account is blocked by the firewall.