Abstract:
The development of technology is marked by rapid growth in the number of internet
users. The website is an important component for information service providers
and strongly influences the quality of the information services they provide.
Website security is necessary for a data service to keep running properly. A
website whose security is not maintained loses much of its effectiveness and fails
the purpose for which it is operated, so security measures are needed to protect
the website.
The purposes of this study are: 1. to determine the security vulnerabilities in the
web manager of the Infotel Journal, Telkom Institute of Technology Purwokerto; 2.
to report the results of web security testing and analysis using the OWASP Top Ten.
The research method used in this research consists of literature study, web
security testing, analysis and conclusion.
The tests found that ports 22, 25, 80, 443 and 3306 are open. The SSL certificate
is still active, which means that the web has resistance to the Heartbleed attack.
There is no anti-clickjacking X-Frame-Options header. There is no X-XSS-Protection
header, so an attacker can exploit this through Cross-Site Scripting (XSS) on the
Infotel website. The Infotel Journal Management Website of the Telkom Institute of
Technology Purwokerto has several types of web security vulnerability threats: 2
(two) threats at a medium threat level and 9 (nine) at a low threat level.
Keywords: OWASP Top Ten, Infotel, Website