Penetration Testing of a Computerized Psychological Assessment Website Using Seven Attack Vectors for Corporation Website Security
Rizky Rachman J, M.Kom, Jonathan Suara Patty

Universitas Pendidikan Indonesia


Abstract

This research involved black box penetration testing of a computerized psychological testing website developed by PT Dwi Purwa Teknologi (hereinafter referred to as the client). The testing simulated attacks by a foreign entity unfamiliar with the website's structure. The assessment focused on seven attack vectors: SQL injection, RCE, URL manipulation, CSRF, SSRF, XSS, and Broken Authentication and Session. Vulnerabilities resulted from poorly sanitized input forms, leading to SQL injection and RCE risks. Inadequate input validation enabled cross-site scripting attacks, while missing CSRF tokens exposed the website to CSRF threats. The research underscores the importance of penetration testing to identify and address security weaknesses, empowering the client to fortify their website against potential cyber threats.

Keywords: Penetration Testing, Simulated Attacks, Attack vectors, SQL Injection, RCE, Cross-site scripting, SSRF, CSRF, Vulnerabilities, Cyber threats.

Topic: Computer Science

MSCEIS 2023 Conference | Conference Management System