Identify Vulnerabilities on the Ministry of Health's Ayo Sehat Website Through Penetration Testing

Nur Siti Aisyah; Fasya Zulia Puspitasari; Kalpin Oktavianus Angga; Brili Rey Shandi

doi:10.47191/etj/v9i07.11

Authors

Nur Siti Aisyah Information Systems Study Program, Faculty of Engineering and Informatics, Gajayana University Malang, Indonesia
Fasya Zulia Puspitasari Information Systems Study Program, Faculty of Engineering and Informatics, Gajayana University Malang, Indonesia
Kalpin Oktavianus Angga Information Systems Study Program, Faculty of Engineering and Informatics, Gajayana University Malang, Indonesia
Brili Rey Shandi Information Systems Study Program, Faculty of Engineering and Informatics, Gajayana University Malang, Indonesia

Vol. 9 No. 7 (2024): VOLUME 09 ISSUE 07

Articles

Accepted July 6, 2024

Published July 13, 2024

Downloads

PDF

Abstract
How to Cite
Metrics
References

This research identifies security vulnerabilities on the "Ayo Sehat Kemenkes" website managed by the Ministry of Health of the Republic of Indonesia through penetration testing using the ISSAF (Information Systems Security Assessment Framework) framework. The methods used include information gathering, network mapping, vulnerability identification, and exploitation. Tools such as CMD, Whois, Nmap, and Subgraph Vega are used in the testing process. The research results found several vulnerabilities with different levels of severity: a high level vulnerability in the form of a social security number which can cause the risk of identity theft, a medium level vulnerability in the form of a local file system path which provides information about the structure of directories and files on the web server, and a low level vulnerability in the form of lots of email addresses and password forms with an active autocomplete feature. These findings demonstrate the importance of preventative measures to improve website security and protect user data.

Aisyah, N. S., Fasya Zulia Puspitasari, Kalpin Oktavianus Angga, & Brili Rey Shandi. (2024). Identify Vulnerabilities on the Ministry of Health’s Ayo Sehat Website Through Penetration Testing. Engineering And Technology Journal, 9(7), 4427–4433. https://doi.org/10.47191/etj/v9i07.11

Download Citation

B. Bhardwaj And S. Tiwari, “Penetration Testing And Data Privacy: An In-Depth Review,” Journal Of Cyber Security In Computer System, Vol. 2, Pp. 18–22, Jun. 2023, Doi: 10.46610/Jcscs.2023.V02i01.003.

K. Vengurlekar, “Loop Holes In Web Based Security,” International Journal Of Advanced Research In Science, Communication And Technology, Pp. 329–335, Jun. 2022, Doi: 10.48175/Ijarsct-5347.

I. Oktaviani, D. Rahmawati, And Y. Nataya, “Prevalensi Dan Faktor Risiko Anemia Pada Anak Di Negara Maju,” Jurnal Kesehatan Masyarakat Indonesia, Vol. 16, P. 218, Jun. 2021, Doi: 10.26714/Jkmi.16.4.2021.218-226.

C. T. Lopes, “Health Information Retrieval -- State Of The Art Report,” May 2022, [Online]. Available: Http://Arxiv.Org/Abs/2205.09083

B. Ghozali, "Detecting Website Application Security Vulnerabilities Using The Owasp (Open Web Application Security Project) Method For Risk Assessment Detect Web Application Security Flaws Using The Owasp (Open Web Application Security Project) Method For Risk Assessment," Posted: 09 February , 2018.

D. Ariyana, S. Ningtyas, A. Fauzi, And R. Ramadhan, "Implementation of an Online Scanner Method to Find Vulnerabilities in Website Servers: Case Study: Gramedia.Com Website," Vol. 1, Pp. 16–25, June. 2023, Doi: 10.56855/Jeep.V1i1.304.

S. Comm. , MT , AERS Comm. , MMMDA Marcello Singadji, "Web Security Scanning to Increase Awareness of Web Security Vulnerabilities Using Nuclei," Indigenous Journal-Jurnal of Arts, Design & Culture, South Tangerang Arts Council , Vol. 4, no. 1, 2022.

Y. Hidayat And B. Arifwidodo, “Implementasi Web Server Menggunakan Infrastructure As Code Terraform Berbasis Cloud Computing,” Format Jurnal Ilmiah Teknik Informatika, Vol. 10, P. 192, Jun. 2021, Doi: 10.22441/Format.2021.V10.I2.010.

B. Bhardwaj And S. Tiwari, “Penetration Testing And Data Privacy: An In-Depth Review,” Journal Of Cyber Security In Computer System, Vol. 2, Pp. 18–22, Feb. 2023, Doi: 10.46610/Jcscs.2023.V02i01.003.

R. Ashar, “Analysis Of Open Website Security Using Owasp And Issaf Methods,” Jurnal Informasi Dan Teknologi, Pp. 187–194, Jun. 2022, Doi: 10.37034/Jidt.V4i4.233.

Identify Vulnerabilities on the Ministry of Health's Ayo Sehat Website Through Penetration Testing

Authors

Downloads

Login

Developed By

Make a Submission

Information

author_desk

sidebarmenu

Current Issue

Browse

Editorial Pick

Google Scholar Citation

Author Info.:

Contact Info: