Open AccessMitigation Web Server for Cross-Site Scripting Attack Using Penetration Testing Method
Author(s) -
Abdul Fadlil,
Imam Riadi,
Fahmi Fachri
Publication year - 2022
Publication title -
international journal of safety and security engineering
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.202
H-Index - 10
eISSN - 2041-904X
pISSN - 2041-9031
DOI - 10.18280/ijsse.120208
Subject(s) - cross site scripting , computer security , computer science , login , web application security , web server , scripting language , web application , vulnerability (computing) , upload , world wide web , web page , database , web development , the internet , operating system
The increasing number of user-oriented applications uploading all their information to the web is causing cyber-attacks and data theft. One of the most prevalent vulnerabilities is Cross-Site Scripting (XSS). Intruders take advantage of these attacks to access sensitive user data. This study aims to mitigate XSS attacks by using the penetration testing method as an official effort to improve web server security. The subject of this research uses the login form from the academic information system web server. This study offers a mitigation system prototype against XSS using the penetration test method and the secure code algorithm. This method plays a role in obtaining vulnerability data and security code as a prevention system. The results of this study indicate three categories of web server weaknesses: five at the high level, 164 at the medium level, and 52 vulnerabilities at the low level. Mitigation measures use secure code by denying repeated failed login attempts. These results provide a strategy for web managers to improve security and consider the risk of cyberattacks.