sql injection
Recently Published Documents


TOTAL DOCUMENTS

695
(FIVE YEARS 220)

H-INDEX

25
(FIVE YEARS 4)

2022 ◽  
Vol 7 (1) ◽  
pp. 520
Author(s):  
Wasis Wardana ◽  
Ahmad Almaarif ◽  
Adityas Widjajarto

Websites have become an effective communication tool. However, it is essential to perform vulnerability assessment and penetration testing, using specific standards, on websites released to the public in order to secure information. The problems raised in this research are conducting vulnerability testing on the XYZ website to analyze its security gaps, and conducting penetration testing on the high vulnerabilities found. Testing was conducted using the NIST 800-115 standard through 4 main stages: planning, discovery, attack, and report. Several tools were used: Nmap, OWASP ZAP, Burp Suite, and Foxy Proxy. The results of this research are presented and analyzed. Seven vulnerabilities were found: one high-level vulnerability, two medium-level vulnerabilities, and four low-level vulnerabilities. At the high level, SQL Injection was found; at the medium level, Cross-Domain Misconfiguration and vulnerabilities were found; at the low level, Absence of Anti-CSRF Tokens, Incomplete or No Cache-control and Pragma HTTP Header Set, Server Leaks Information via “X-Powered-By” HTTP Response Header Field, and X-Content-Type-Options Header Missing were found.


2021 ◽  
Vol 6 (2) ◽  
pp. 210
Author(s):  
Rudi Hermawan

In recent years, cases of cyber attacks that target website security have increased. The most widely used website hacking threat is SQL injection. By using the sqlmap tool that runs on the Kali Linux operating system, attackers can easily take over very important user authentication data along with their passwords. Using only a special SQL query script written in the Python programming language, attackers force the web server to output database information, tables, columns and data contents. This SQL injection technique is not difficult; knowing how SQL injection works is expected to be useful for web admins and web application developers so that they can secure user access from attackers. This attack simulation uses a virtual machine, creating two virtual computers that are scripted as the attacker and the target server. By testing through this simulation, we can find out how the attack proceeds and the consequences of attacks carried out by attackers.


2021 ◽  
Author(s):  
Eman Hosam ◽  
Hagar Hosny ◽  
Walaa Ashraf ◽  
Ahmed S. Kaseb

2021 ◽  
Author(s):  
Pengcheng Wen ◽  
Chengwan He ◽  
Wei Xiong ◽  
Jihui Liu

2021 ◽  
pp. 383-394
Author(s):  
Ralf Adams

2021 ◽  
pp. 43-56
Author(s):  
Anastasiya Arkhipova ◽  
Pavel Polyakov

This paper proposes the use of hybrid models based on neural networks and fuzzy systems to build intelligent intrusion detection systems based on the theory of fuzzy rules. The presented system will be able to generate rules based on the results using fuzzy logic neurons. To avoid oversaturation and assist in determining the necessary network topology, training models based on extreme learning machine and regularization theory will be used to find the most significant neurons. In this paper, a type of SQL injection cyberattack is considered, which actively exploits errors in systems that communicate with the database via SQL commands, and for this reason is considered a kind of straightforward attack. The fuzzy neural network architecture used in detecting SQL injection attacks is a multi-component structure. The first two layers of the model are considered as a fuzzy inference system capable of extracting knowledge from data and transforming it into fuzzy rules. These rules help build automated systems for detecting SQL injection attacks. The third layer consists of a simple neuron that has an activation function called a leaky ReLU. The first layer consists of fuzzy neurons, the activation functions of which are Gaussian membership functions of fuzzy sets, defined in accordance with the partitioning of the input variables. The technique uses the concept of a simple linear regression model to solve the problem of choosing the best subsets of neurons. To perform model selection, the paper used the widely used least angular regression (LARS) algorithm.

