-->
menemukan kelebihan diantara kekurangan

Kumpulan Artikel

>

Analisis cara pentest website dan tindak lanjut

By Senin, Februari 14, 2022 Add Comment

(Senin, 14/02/22)

melakukan proses perbaikan website cirebon.kemenag.go.id




hasil analisis dari pentest

  1. menunggu hasil tindak lanjut dari tim pusat
  2. berkesinambungan memperbaiki program pada lokalhost
  3. berkesinambungan mengecek website
  4. sharing bersama tim




Analisis pentest

Cirebon Pentest Report

Generated with ZAP on Mon 14 Feb 2022, at 09:27:28

Contents

About this report

Report parameters

Contexts

No contexts were selected, so all contexts were included by default.

Sites

The following sites were included:

  • https://cirebon.kemenag.go.id
  • http://cirebon.kemenag.go.id

(If no sites were selected, all sites were included by default.)

An included site must also be within one of the included contexts for its data to be included in the report.

Risk levels

Included: HighMediumLowInformational

Excluded: None

Confidence levels

Included: User ConfirmedHighMediumLow

Excluded: User ConfirmedHighMediumLowFalse Positive

Summaries

Alert counts by risk and confidence

This table shows the number of alerts for each level of risk and confidence included in the report.

(The percentages in brackets represent the count as a percentage of the total number of alerts included in the report, rounded to one decimal place.)

Confidence
User ConfirmedHighMediumLowTotal
RiskHigh0
(0.0%)		0
(0.0%)		0
(0.0%)		0
(0.0%)		0
(0.0%)
Medium0
(0.0%)		0
(0.0%)		0
(0.0%)		0
(0.0%)		0
(0.0%)
Low0
(0.0%)		0
(0.0%)		2
(40.0%)		1
(20.0%)		3
(60.0%)
Informational0
(0.0%)		0
(0.0%)		0
(0.0%)		2
(40.0%)		2
(40.0%)
Total0
(0.0%)		0
(0.0%)		2
(40.0%)		3
(60.0%)		5
(100%)

Alert counts by site and risk

This table shows, for each site for which one or more alerts were raised, the number of alerts raised at each risk level.

Alerts with a confidence level of "False Positive" have been excluded from these counts.

(The numbers in brackets are the number of alerts raised for the site at or above that risk level.)

Risk
High
(= High)		Medium
(>= Medium)		Low
(>= Low)		Informational
(>= Informational)
Sitehttps://cirebon.kemenag.go.id0
(0)		0
(0)		1
(1)		1
(2)
http://cirebon.kemenag.go.id0
(0)		0
(0)		2
(2)		1
(3)

Alert counts by alert type

This table shows the number of alerts of each alert type, together with the alert type's risk level.

(The percentages in brackets represent each count as a percentage, rounded to one decimal place, of the total number of alerts included in this report.)

Alert typeRiskCount
Absence of Anti-CSRF TokensLow128
(2,560.0%)
Incomplete or No Cache-control Header SetLow150
(3,000.0%)
Timestamp Disclosure - UnixLow69
(1,380.0%)
Charset MismatchInformational24
(480.0%)
Information Disclosure - Suspicious CommentsInformational10
(200.0%)
Total5

Alerts

  1. Risk=Low, Confidence=Medium (2)

    1. https://cirebon.kemenag.go.id (1)

      1. Incomplete or No Cache-control Header Set (1)
        1. GET https://cirebon.kemenag.go.id/

    2. http://cirebon.kemenag.go.id (1)

      1. Absence of Anti-CSRF Tokens (1)
        1. GET http://cirebon.kemenag.go.id

  2. Risk=Low, Confidence=Low (1)

    1. http://cirebon.kemenag.go.id (1)

      1. Timestamp Disclosure - Unix (1)
        1. GET http://cirebon.kemenag.go.id

  3. Risk=Informational, Confidence=Low (2)

    1. https://cirebon.kemenag.go.id (1)

      1. Charset Mismatch (1)
        1. GET https://cirebon.kemenag.go.id/index.php?format=xml&rest_route=%2Foembed%2F1.0%2Fembed&url=https%3A%2F%2Fcirebon.kemenag.go.id%2F%3Fpage_id%3D49

      2. http://cirebon.kemenag.go.id (1)

        1. Information Disclosure - Suspicious Comments (1)
          1. GET http://cirebon.kemenag.go.id/wp-content/themes/corponotch/assets/js/html5.min.js?ver=3.7.3

    Appendix

    Alert types

    This section contains additional information on the types of alerts in the report.

    1. Absence of Anti-CSRF Tokens

      Sourceraised by a passive scanner (Absence of Anti-CSRF Tokens)
      CWE ID352
      WASC ID9
      Reference
      1. http://projects.webappsec.org/Cross-Site-Request-Forgery
      2. http://cwe.mitre.org/data/definitions/352.html

    2. Incomplete or No Cache-control Header Set

      Sourceraised by a passive scanner (Incomplete or No Cache-control Header Set)
      CWE ID525
      WASC ID13
      Reference
      1. https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching
      2. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control

    3. Timestamp Disclosure - Unix

      Sourceraised by a passive scanner (Timestamp Disclosure)
      CWE ID200
      WASC ID13
      Reference
      1. http://projects.webappsec.org/w/page/13246936/Information%20Leakage

    4. Charset Mismatch

      Sourceraised by a passive scanner (Charset Mismatch)
      CWE ID436
      WASC ID15
      Reference
      1. http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection

    5. Information Disclosure - Suspicious Comments

      Sourceraised by a passive scanner (Information Disclosure - Suspicious Comments)
      CWE ID200
      WASC ID13

    0 Response to "Analisis cara pentest website dan tindak lanjut"

    Posting Komentar

    terimakasih telah berkomentar dengan bijak

    Langganan: Posting Komentar (Atom)