Conducting Penetration Testing to Identify Vulnerabilities in a Bank Company Information Technology
Abstract
Company XYZ is a regional business entity that manages finances and provides credit to small businesses. However, their e-banking applications have vulnerabilities that hackers can exploit. This research aims to identify and understand potential attacks on these vulnerabilities, assess the impact of exploitation by attackers, and provide recommendations for securing computer systems and networks based on penetration testing results. The XYZ e-banking application web server can be tested using five methods: Vulnerability Scanning, Apache Tomcat Sample Directory Vulnerabilities, Cross-Site Request Forgery (CSRF), Weak Cryptographic Testing, and Header Security. The application is in the Warning to High category, which indicates that it requires follow-up action. To mitigate these vulnerabilities, developers can take steps such as deleting the /examples directory, limiting the validity of cookies, using SSL, and enabling ModSecurity.