Analisis Keamanan Website SMK VIP Al-Huda Kebumen Menggunakan Metode Penetration Testing Execution Standard (PTES)

Abdur Rahman Fadilah; Ghufron Zaida Muflih

doi:10.58602/chain.v4i3.290

Abdur Rahman Fadilah ^{(Corresponding Author)} Universitas Maarif Nahdlatul Ulama Kebumen
Ghufron Zaida Muflih Universitas Maarif Nahdlatul Ulama Kebumen

DOI: https://doi.org/10.58602/chain.v4i3.290

Keywords: PTES, Website Security, Penetration Testing, OWASP ZAP, Cybersecurity

Abstract

The rapid growth of information technology and internet usage has increased cybersecurity threats to web-based applications. The website of SMK VIP Al Huda Kebumen, which functions as a digital information and service platform, has the potential to become a target of cyberattacks if security evaluations are not conducted regularly. This study aims to analyze the security level of the SMK VIP Al Huda Kebumen website using the Penetration Testing Execution Standard (PTES) method. PTES was chosen because it provides systematic testing stages including pre-engagement interaction, information gathering, threat modeling, vulnerability analysis, exploitation, post-exploitation, and reporting. The testing process utilized several tools such as Zenmap/Nmap, OWASP ZAP, SQLMap, DNS Scan, and Infoga. The results indicate that the website still has several potential security vulnerabilities, including open service ports, brute force attack risks on SSH services, credential theft risks on FTP services, and possible exploitation of cPanel services. In addition, the vulnerability analysis identified several low and medium risk vulnerabilities that could potentially be exploited by attackers. Although the system is protected by a firewall and uses Linux operating system with Apache web server, further improvements are still required through regular system updates, better encryption implementation, service access restrictions, and additional security policies. This research is expected to become a reference for improving school website security and preventing cyber threats in educational environments.

References

G. Z. Muflih, I. Riadi, A. Yudhana, and H. I. Azmi, “Comparison Of Forensic Tools On Social Media Services Using,” JIKO (Jurnal Inform. dan Komputer), vol. 6, no. 1, pp. 52–61, 2023, doi: 10.33387/jiko.v6i1.5872.

E. S. Mubasyier Fatah , Yohanes Ngamal, “Kemajuan Tik, Digitaslisasi Membuka Jalan Bagi Pertumbuhan Ekonomi Digital Indonesia,” Manaj. BISNIS, vol. XVI, no. 1, 2024.

A. Fahrudin, G. Z. Muflih, and T. Informatika, “Analisis Forensik Digital Pada Pesan Whatsapp Yang Terenkripsi Dengan Pretty Good Privacy ( Pgp ) Menggunakan Framework Dfrws,” vol. 9, no. 1, pp. 780–787, 2025, doi: https://doi.org/10.36040/jati.v9i1.12506.

S. Lika, R. Dwi, P. Halim, and I. Verdian, “Analisa Serangan Sql Injeksi Menggunakan Sqlmap Implementation Of Online Accounting Software As Supporting Of Financial Statement,” vol. 4, no. 2, pp. 88–94, 2018, doi: https://doi.org/10.31961/positif.v4i2.610.

M. A. Dio Wahyu Saputra , Risqy Siwi Pradini, “Analisis dan Rekomendasi Keamanan Website Kampus X,” vol. 6, no. 1, pp. 830–843, 2025, doi: https://doi.org/10.35870/jimik.v6i1.1306.

N. H. Nurasmawati, Mansur, “Analisis Kerentanan Keamanan pada Website Kelurahan Rimba Sekampung dengan Menggunakan Framework OWASP ZAP,” JUTIN J. Tek. Ind. Terintegrasi, vol. 8, no. 4, 2025, doi: 10.31004/jutin.v8i4.48523.

I. Rahayu and J. M. Parenreng, “Pengujian Keamanan Website Sistem Informasi Pengajuan Judul ( SIMPEL ) menggunakan Metode Pengujian Penetrasi,” vol. 0, pp. 1–18.

R. Rahman, “Analisis Penerapan Ssl / Tls Dalam Menjaga Keamanan Transmisi Data Pada Aplikasi Web,” vol. 10, no. 1, pp. 171–173, 2026.

G. Z. Muflih, F. Teknik, T. Informatika, K. Jaringan, M. Routeros, and P. Pesantren, “Implementasi Web Filtering Firewall untuk Keamanan pada Jaringan Internet di Pondok Pesantren Al Hidayah Kebumen,” vol. 8, pp. 46–59, 2025, doi: https://doi.org/10.36080/skanika.v8i1.3298.

S. Alhidamkara and I. Lucia Kharisma, “Analisis Keamanan Website Sekolah Menengah Atas Negeri 1 Surade Dengan Pendekatan Comprehensive Website Security Assessment Website Security Analysis for State Senior High School 1 Surade with a Comprehensive Website Security Assessment Approach,” pp. 57–65, 2023.

D. A. Utama, K. Khairil, and R. Supardi, “Analisis Keamanan Website Menggunakan Ptes (Penetration Testing Execution And Standart),” J. Media Infotama, vol. 20, no. 1, pp. 106–112, 2024, [Online]. Available: https://jurnal.unived.ac.id/index.php/jmi/article/view/5367%0Ahttps://jurnal.unived.ac.id/index.php/jmi/article/download/5367/4261

B. P. Zen, R. A. G. Gultom, A. H. S. Reksoprodjo, P. T. Penginderaan, F. T. Pertahanan, and U. Pertahanan, “Analisis Security Assessment Menggunakan Metode Penetration Testing Dalam Menjaga Kapabilitas Keamanan Teknologi Informasi Pertahanan Negara,” pp. 105–122.

S. Utoro, B. A. Nugroho, M. Meinawati, and S. R. Widianto, “Analisis Keamanan Website E-Learning SMKN 1 Cibatu Menggunakan Metode Penetration Testing Execution Standard,” Multinetics, vol. 6, no. 2, pp. 169–178, 2020, doi: 10.32722/multinetics.v6i2.3432.

F. Y. Fauzan and S. Syukhri, “Analisis Metode Web Security PTES (Penetration Testing Execution And Standart) Pada Aplikasi E-Learning Universitas Negeri Padang,” Voteteknika (Vocational Tek. Elektron. dan Inform., vol. 9, no. 2, p. 105, 2021, doi: 10.24036/voteteknika.v9i2.111778.

M. Nur Fikri, B. Parga Zen, R. Adhitama, and E. Ahmad Firdaus, “Analisis Keamanan Sistem Informasi Website SMA Negeri 1 Sokaraja Menggunakan Metode Penetration Testing Execution Standard (PTES),” J. Inform., vol. 2, no. 2, pp. 19–27, 2023, doi: 10.57094/ji.v2i2.1046.