NIST SP 800-115 Framework Implementation using Black Box Method on Security Gaps Testing on JTD Polinema’s Official Website

Abstract

The internet is one example of a computer network that can make it easier to obtain information. According to BSSN's December 2021 report, there were 3,483,706 web application attacks. According to the BSSN monthly report, there were 3,483,706 web application attacks at the end of December 2021. The JTD Study Program's official website (psjtd.polinema.ac.id) faced recurrent hacking incidents, exposing it to DDOS assaults and defacing. As a result, security testing must be carried out in accordance with particular standards, such as the National Institute of Standards and Technology (NIST) SP 800-115 framework. Penetration testing was performed in this investigation using the Black Box testing method approach and hardening. The results of testing and analyzing security gaps on the website reveal 10 open ports and 11 various types of security holes with varying levels of vulnerability categorized as 1 high, 3 medium, 5 low, and 2 informational. During penetration testing, one ping packet was sent that could not cause any problems, and then one of the Syn Flooding attacks was carried out, which resulted in the number of shipments reaching 10,000 packets per second.