Penetration Testing of a Computerized Psychological Assessment Website Using Seven Attack Vectors for Corporation Website Security
Rizky Rachman J,M.Kom, Jonathan Suara Patty

Universitas Pendidikan Indonesia

Abstract

This research involved black box penetration testing of a computerized psychological testing website developed by PT Dwi Purwa Teknologi hereinafter referred to as the client . The testing simulated attacks by a foreign entity unfamiliar with the website^s structure. The assessment focused on seven attack vectors: SQL injection, RCE, URL manipulation, CSRF, SSRF, XSS, and Broken Authentication and Session. Vulnerabilities resulted from poorly sanitized input forms, leading to SQL injection and RCE risks. Inadequate input validation enabled cross-site scripting attacks, while missing CSRF tokens exposed the website to CSRF threats. The research underscores the importance of penetration testing to identify and address security weaknesses, empowering the client to fortify their website against potential cyber threats.

Keywords: Penetration Testing, Simulated Attacks, Attack vectors, SQL Injection, RCE, Cross-site scripting, SSRF, CSRF, Vulnerabilities, Cyber threats.

Topic: Computer Science

Plain Format | Corresponding Author (Jonathan Suara Patty)

Share Link Copy Text

Share your abstract link to your social media or profile page