Vulnerability Analysis on Semarang City Road Section Information System Website Using VAPT Method

Authors

  • Hanif Setia Nusantara, Universitas Dian Nuswantoro
  • L. Budi Handoko, Universitas Dian Nuswantoro
  • Maulana Ikhsan, Dinas Pekerjaan Umum Kota Semarang
  • Chaerul Umam, Universitas Dian Nuswantoro

DOI:

https://doi.org/10.35314/gdaky847

Keywords:

Cybersecurity, Vulnerabilities, Information System, VAPT, e-Government

Abstract

Web-based public service applications in the digital governance era are increasingly vulnerable to cyber threats. This study analyzes the vulnerability of the Semarang City Road Information System website quantitatively using the Vulnerability Assessment and Penetration Testing (VAPT) method to evaluate its effectiveness in identifying security gaps. This system is part of an e-government service providing road infrastructure information but, like other technology-based systems, is susceptible to exploitation. The VAPT method used includes two main stages: Vulnerability Assessment to identify weaknesses and Penetration Testing to simulate attacks. The study identified 5 potential vulnerabilities: SQL Injection, Credit Card Number Disclosure, Insecure Direct Object Reference (IDOR), Cross-Site Scripting (XSS), and Error Message on Page. However, 80% of these were false positives, effectively filtered by Alibaba Cloud’s Web Application Firewall (WAF). The IDOR vulnerability was confirmed as valid, allowing unauthorized access to sensitive data through manipulation of the ID parameter in the URL. The original contribution of this research is the specific recommendation for implementing Indirect Object Reference mechanisms such as ID encryption, as well as emphasizing the need for comprehensive routine testing to improve security and prevent potential data misuse.

Published

01-07-2025

Issue

Section

Articles

How to Cite

Vulnerability Analysis on Semarang City Road Section Information System Website Using VAPT Method. (2025). INOVTEK Polbeng - Seri Informatika, 10(2), 1119-1130. https://doi.org/10.35314/gdaky847