Pengumpulan Informasi pada Situs Web Dengan Menyusun Kerangka Kerja Keamanan Siber NIST

Abstract

In the current era, the rapid development of websites has made them one of the most significant modern information media. Website creation is not only focused on the design and information presented, but also focuses on security aspects. The presence of security on a website is very important, considering the need to protect the data and information contained therein. Information Gathering is one method used to test a website's security. This information gathering is the earliest stage to obtain ownership and other sensitive information. This research aims to conduct security testing of the oase.poltektegal.ac.id website using tools in the form of penetration testing software; then, the testing results are entered into the cybersecurity framework issued by N.I.S.T. The test results obtained and adjusted to N.I.S.T. Cybersecurity are that the oase.poltektegal.ac.id website has vulnerabilities in the form of CVE-2003-1418 (apache webserver vulnerability), CVE-2005-3299 (PHP vulnerability), CVE-2010-4344 ( Buffer Overflow Vulnerability), CVE-2007-6750 (XSS). The solution to this vulnerability is updating the software and closing unused ports. These results will be used as a benchmark in creating or improving similar websites to increase awareness and vigilance in achieving cyber resilience