Electronic Theses and Dissertation

Penelitian ini membahas perbandingan tingkat keamanan antara situs Web2.0 dan Web3.0 dengan studi kasus crazygames.com dan pixels.xyz menggunakan metode Penetration Testing Execution Standard (PTES) dan penilaian tingkat keparahan kerentanan berbasis Common Vulnerability Scoring System (CVSS) v4.0. Tahapan PTES diterapkan mulai dari Pre‑Engagement Interaction hingga Reporting untuk mengidentifikasi dan mengeksploitasi celah keamanan, kemudian hasilnya dianalisis dari tiga aspek, yaitu jumlah dan jenis celah, response time pemindaian, serta skor CVSS. Hasil pemindaian menunjukkan bahwa Web2.0 memiliki 23 jenis kerentanan dengan total 3108 temuan, sedangkan Web3.0 memiliki 21 jenis kerentanan dengan total 669 temuan, sehingga secara kuantitatif Web3.0 menunjukkan penurunan jumlah celah sekitar 78,5% dibandingkan Web2.0. Rata-rata waktu pemindaian Web3.0 (712,4 detik) lebih lama daripada Web2.0 (326,8 detik), yang mencerminkan kompleksitas arsitektur Web3.0 akibat integrasi blockchain dan smart contract. Evaluasi CVSS v4.0 menemukan masing-masing satu kerentanan Critical pada kedua situs, namun Web2.0 masih memiliki tambahan kerentanan Medium dan pola vector pada CVSS yang lebih menguntungkan penyerang, seperti tidak diperlukannya hak akses maupun interaksi pengguna pada beberapa eksploitasi. Secara keseluruhan, hasil penelitian ini menunjukkan bahwa meskipun Web3.0 belum sepenuhnya bebas dari kerentanan kritis, profil risikonya lebih terkendali dibandingkan Web2.0 dari sisi jumlah celah keamanan, kompleksitas arsitektur, dan karakteristik kerentanannya.
Kata Kunci: Keamanan web, PTES, CVSS v4.0, Web3.0

This study discusses a security level comparison between Web2.0 and Web3.0 websites using crazygames.com and pixels.xyz as case studies, applying the Penetration Testing Execution Standard (PTES) method and assessing vulnerability severity based on the Common Vulnerability Scoring System (CVSS) v4.0. The PTES phases, from Pre‑Engagement Interaction to Reporting, are applied to identify and exploit security weaknesses, and the results are then analyzed from three aspects: the number and types of vulnerabilities, scanning response time, and CVSS scores. The scanning results show that the Web2.0 site has 23 types of vulnerabilities with a total of 3,108 findings, while the Web3.0 site has 21 types of vulnerabilities with a total of 669 findings, so quantitatively Web3.0 demonstrates a reduction of approximately 78.5% in the number of vulnerabilities compared to Web2.0. The average scanning time for Web3.0 (712.4 seconds) is longer than for Web2.0 (326.8 seconds), which reflects the higher architectural complexity of Web3.0 due to the integration of blockchain and smart contracts. The CVSS v4.0 evaluation finds one Critical vulnerability on each site; however, Web2.0 still has an additional Medium‑severity vulnerability and CVSS vector patterns that are more favorable to attackers, such as not requiring privileges or user interaction in several exploit scenarios. Overall, the results indicate that although Web3.0 is not completely free from critical vulnerabilities, its risk profile is more controlled than Web2.0 in terms of the number of vulnerabilities, severity distribution, and exploitability characteristics. Keyword: Web Security, PTES, CVSS v4.0, Web3.0