Electronic Theses and Dissertation

Keamanan sistem informasi menjadi aspek krusial dalam era digital, terutama pada website yang menyimpan data sensitif. Website perpustakaan Universitas Syiah Kuala (USK) berperan penting dalam menyediakan akses informasi bagi mahasiswa dan staf akademik, namun masih berpotensi menghadapi ancaman keamanan siber. Oleh karena itu, tujuan dari penelitian ini adalah untuk mengevaluasi aspek keamanan sistem informasi pada website Perpustakaan Universitas Syiah Kuala dengan menerapkan metode Penetration Testing Execution Standard (PTES). Proses penelitian dilakukan melalui pendekatan pengujian penetrasi (penetration testing), yang meliputi tahap pemindaian kerentanan (vulnerability scanning) serta penilaian terhadap potensi risiko yang mungkin terjadi. Beberapa alat bantu seperti Nmap, Burpsuite, hydra, dan slowhttptest digunakan untuk mengidentifikasi potensi ancaman dan eksploitasi. Hasil penelitian menunjukkan adanya beberapa kerentanan sistem yang berpotensi dieksploitasi oleh pihak-pihak yang tidak bertanggung jawab, seperti kerentanan terhadap serangan SQL Injection, Cross-Site Scripting (XSS), broken access control, dan Bruteforce. Berdasarkan hasil analisis, penelitian ini merekomendasikan beberapa langkah mitigasi, seperti pembaruan sistem secara berkala, penerapan kebijakan keamanan berbasis standar, dan penguatan konfigurasi server. Dengan penerapan langkah-langkah tersebut, keamanan website perpustakaan USK dapat ditingkatkan guna mencegah potensi ancaman siber di masa mendatang.

Information system security has become a critical aspect in the digital era, particularly for websites that store sensitive data. The library website of Universitas Syiah Kuala (USK) plays an essential role in providing information access for students and academic staff, yet it remains vulnerable to potential cybersecurity threats. This research aims to evaluate the security aspects of the USK Library website by applying the Penetration Testing Execution Standard (PTES) method based on the PTES framework (PTES). The study employs a penetration testing approach, including vulnerability scanning and risk assessment stages to analyze potential security risks. Several tools, such as Nmap, Burp Suite, Hydra, and SlowHTTPTest, were utilized to identify threats and perform exploitation simulations. The findings reveal multiple security vulnerabilities that could be exploited by unauthorized parties, including SQL Injection, Cross-Site Scripting (XSS), broken access control, and brute force attack susceptibility. Based on the analysis results, this study proposes mitigation strategies, including regular system updates, implementation of standardized security policies, and reinforcement of server configurations. The recommended measures are expected to enhance the security resilience of the USK Library website and reduce the risk of future cyberattacks. This research contributes to improving website security practices within academic information systems and supports the development of proactive cybersecurity risk mitigation in university environments.