Analisis cara pentest website dan tindak lanjut
(Senin, 14/02/22)
melakukan proses perbaikan website cirebon.kemenag.go.id
hasil analisis dari pentest
- menunggu hasil tindak lanjut dari tim pusat
- berkesinambungan memperbaiki program pada lokalhost
- berkesinambungan mengecek website
- sharing bersama tim
Analisis pentest
Cirebon Pentest Report
Generated with ZAP on Mon 14 Feb 2022, at 09:27:28
Contents
About this report
Report parameters
Contexts
No contexts were selected, so all contexts were included by default.
Sites
The following sites were included:
- https://cirebon.kemenag.go.id
- http://cirebon.kemenag.go.id
(If no sites were selected, all sites were included by default.)
An included site must also be within one of the included contexts for its data to be included in the report.
Risk levels
Included: High, Medium, Low, Informational
Excluded: None
Confidence levels
Included: User Confirmed, High, Medium, Low
Excluded: User Confirmed, High, Medium, Low, False Positive
Summaries
Alert counts by risk and confidence
Confidence | ||||||
---|---|---|---|---|---|---|
User Confirmed | High | Medium | Low | Total | ||
Risk | High | 0 (0.0%) | 0 (0.0%) | 0 (0.0%) | 0 (0.0%) | 0 (0.0%) |
Medium | 0 (0.0%) | 0 (0.0%) | 0 (0.0%) | 0 (0.0%) | 0 (0.0%) | |
Low | 0 (0.0%) | 0 (0.0%) | 2 (40.0%) | 1 (20.0%) | 3 (60.0%) | |
Informational | 0 (0.0%) | 0 (0.0%) | 0 (0.0%) | 2 (40.0%) | 2 (40.0%) | |
Total | 0 (0.0%) | 0 (0.0%) | 2 (40.0%) | 3 (60.0%) | 5 (100%) |
Alert counts by site and risk
Risk | |||||
---|---|---|---|---|---|
High (= High) | Medium (>= Medium) | Low (>= Low) | Informational (>= Informational) | ||
Site | https://cirebon.kemenag.go.id | 0 (0) | 0 (0) | 1 (1) | 1 (2) |
http://cirebon.kemenag.go.id | 0 (0) | 0 (0) | 2 (2) | 1 (3) |
Alert counts by alert type
Alert type | Risk | Count |
---|---|---|
Absence of Anti-CSRF Tokens | Low | 128 (2,560.0%) |
Incomplete or No Cache-control Header Set | Low | 150 (3,000.0%) |
Timestamp Disclosure - Unix | Low | 69 (1,380.0%) |
Charset Mismatch | Informational | 24 (480.0%) |
Information Disclosure - Suspicious Comments | Informational | 10 (200.0%) |
Total | 5 |
Alerts
Risk=Low, Confidence=Medium (2)
https://cirebon.kemenag.go.id (1)
Incomplete or No Cache-control Header Set (1)
GET https://cirebon.kemenag.go.id/
http://cirebon.kemenag.go.id (1)
Absence of Anti-CSRF Tokens (1)
GET http://cirebon.kemenag.go.id
Risk=Low, Confidence=Low (1)
http://cirebon.kemenag.go.id (1)
Timestamp Disclosure - Unix (1)
GET http://cirebon.kemenag.go.id
Risk=Informational, Confidence=Low (2)
https://cirebon.kemenag.go.id (1)
Charset Mismatch (1)
GET https://cirebon.kemenag.go.id/index.php?format=xml&rest_route=%2Foembed%2F1.0%2Fembed&url=https%3A%2F%2Fcirebon.kemenag.go.id%2F%3Fpage_id%3D49
http://cirebon.kemenag.go.id (1)
Information Disclosure - Suspicious Comments (1)
GET http://cirebon.kemenag.go.id/wp-content/themes/corponotch/assets/js/html5.min.js?ver=3.7.3
Appendix
Alert types
This section contains additional information on the types of alerts in the report.
Absence of Anti-CSRF Tokens
Source raised by a passive scanner (Absence of Anti-CSRF Tokens) CWE ID 352 WASC ID 9 Reference - http://projects.webappsec.org/Cross-Site-Request-Forgery
- http://cwe.mitre.org/data/definitions/352.html
Incomplete or No Cache-control Header Set
Source raised by a passive scanner (Incomplete or No Cache-control Header Set) CWE ID 525 WASC ID 13 Reference - https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
Timestamp Disclosure - Unix
Source raised by a passive scanner (Timestamp Disclosure) CWE ID 200 WASC ID 13 Reference - http://projects.webappsec.org/w/page/13246936/Information%20Leakage
Charset Mismatch
Source raised by a passive scanner (Charset Mismatch) CWE ID 436 WASC ID 15 Reference - http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
Information Disclosure - Suspicious Comments
Source raised by a passive scanner (Information Disclosure - Suspicious Comments) CWE ID 200 WASC ID 13
0 Response to "Analisis cara pentest website dan tindak lanjut"
Posting Komentar
terimakasih telah berkomentar dengan bijak