Mitigation Web Server for Cross-Site Scripting Attack Using Penetration Testing Method
Published in | International journal of safety and security engineering Vol. 12; no. 2; pp. 201 - 208 |
---|---|
Main Authors | , , |
Format | Journal Article |
Language | English |
Published | 29.04.2022 |
Summary: | The increasing number of user-oriented applications uploading all their information to the web is causing cyber-attacks and data theft. One of the most prevalent vulnerabilities is Cross-Site Scripting (XSS). Intruders take advantage of these attacks to access sensitive user data. This study aims to mitigate XSS attacks by using the penetration testing method as an official effort to improve web server security. The subject of this research uses the login form from the academic information system web server. This study offers a mitigation system prototype against XSS using the penetration test method and the secure code algorithm. This method plays a role in obtaining vulnerability data and security code as a prevention system. The results of this study indicate three categories of web server weaknesses: five at the high level, 164 at the medium level, and 52 vulnerabilities at the low level. Mitigation measures use secure code by denying repeated failed login attempts. These results provide a strategy for web managers to improve security and consider the risk of cyberattacks. |
---|---|
ISSN: | 2041-9031 2041-904X |
DOI: | 10.18280/ijsse.120208 |