Security Testing of the XYZ Website Application Using Burp Suite Based on the NIST SP 800-115 Framework
DOI:
https://doi.org/10.25157/jsig.v3i2.4965
Keywords:
Website Security, Penetration Testing, NIST SP 800-115, Burp Suite, Government Website
Abstract
Advancements in digital technology have prompted government institutions to adopt online services, including the provision of public information through their official websites. However, the growing reliance on digital systems has also led to an increase in cybersecurity threats. This study aims to assess potential security vulnerabilities on the XYZ website, which is managed by a regional government, using a penetration testing approach based on the NIST SP 800-115 framework and the Burp Suite tool. The testing process was carried out in four phases: planning, discovery, attack execution, and reporting. The results revealed eight vulnerabilities, including two classified as high severity: code injection and unencrypted communication (HTTP). Additionally, publicly accessible backup files and support for XML input were identified, posing risks of XML External Entity (XXE) attacks. These findings highlight the critical importance of input validation, full implementation of HTTPS protocols, and strict file management to enhance website security. The study also recommends conducting further audits related to XML vulnerabilities and implementing continuous system monitoring to address evolving cyber threats.