Security Testing of Personnel Management Information System (SIMPEG) Website Using the OWASP Web Security Testing (WSTG) Framework

Abrar Khalida; Aulia Syarif  Aziz

doi:10.59141/jiss.v6i4.1687

Security Testing of Personnel Management Information System (SIMPEG) Website Using the OWASP Web Security Testing (WSTG) Framework

Authors

Abrar Khalida Universitas Islam Negeri Ar-Raniry
Aulia Syarif Aziz Universitas Islam Negeri Ar-Raniry, Indonesia

DOI:

https://doi.org/10.59141/jiss.v6i4.1687

Keywords:

Web Security, OWASP, Information System, Penetration Testing, Client-side testing

Abstract

This research examines the security of the Employee Management Information System (SIMPEG) at UIN Ar-Raniry Banda Aceh using the OWASP Web Security Testing Guide (WSTG) framework. The aim of this study is to identify and address potential security vulnerabilities within the system. The research is divided into three phases: identifying the issues, performing grey-box penetration testing with a focus on client-side testing as outlined in OWASP WSTG, and reporting the findings using the WSTG Checklist. The testing results revealed that out of the thirteen tests conducted, one vulnerability related to Cross Origin Resource Sharing (CORS) was discovered. This study concludes that the SIMPEG system at UIN Ar-Raniry Banda Aceh demonstrates a good level of security, though further improvements are necessary to address the identified issues. Recommendations for enhancing the security of SIMPEG include continuous testing and updates to address emerging threats.

Downloads

Published

2025-04-26

How to Cite

Khalida, A., & Aziz, A. S. . (2025). Security Testing of Personnel Management Information System (SIMPEG) Website Using the OWASP Web Security Testing (WSTG) Framework. Jurnal Indonesia Sosial Sains, 6(4), 1061–1066. https://doi.org/10.59141/jiss.v6i4.1687

Download Citation

Issue

Vol. 6 No. 4 (2025): Jurnal Indonesia Sosial Sains

Section

Articles

License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Authors who publish with this journal agree to the following terms:

Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution-ShareAlike 4.0 International. that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.