Pengujian Keamanan Website XYZ Menggunakan Metode Vulnerability Assessment & Penetration Testing

Website security especially in the e-commerce sector, is an aspect that needs to be considered in implementing Cloudflare and Strict-Transport-Security Header to maintain data availability to increase customer or supplier trust. This study aims to test the security of the XYZ website using the Vulnerability Assessment Penetration Testing (VAPT) method. The implementation of the VAPT method has 4 stages starting from information gathering, vulnerability scanning, penetration testing, and report and result. The testing method used is the Disributed Denial of Service (DDoS), Clickjacking and Cross Site Request Forgery (CSRF) techniques. The results of the study showed that the website was not safe from DDoS attacks found on port 80 based on the results of scanning open ports using nmap, and with the CSRF technique on login elements that did not use CSRF anti-tokens. To avoid DDoS and CSRF attacks, the prevention is to use Cloudflare, the Laravel framework, the X-Frame-Option-Header configuration, implementing Content Security Policy (CSP) and HTTP Strict-Transport-Security (HSTS).