Uji Penetrasi Keamanan Website Dinas Komunikasi Dan Informatika

The official website of the Department of Communication and Informatics of XYZ Regency serves as a medium for publication, interaction, and promotion of regional potential. This website plays a crucial role in disseminating government information to the public. However, its vulnerability to attacks such as SQL Injection, Brute Force, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and Distributed Denial of Service (DDoS) poses threats to data integrity and service availability. This research aims to identify security loopholes through automated and manual attacks. The results show that SQL Injection successfully extracted data, while Brute Force failed to obtain valid credentials. Existing protections were effective in preventing XSS and CSRF attacks. The DDoS attack had no significant impact due to mitigation services in place. Security recommendations include input validation and sanitization, the use of Query Builder and prepared statements, framework updates, as well as implementing CAPTCHA and login attempt restrictions. For real-time attack detection and response, Snort is recommended as an Intrusion Detection System (IDS). This study is expected to raise awareness of the importance of website security and provide practical measures to reduce the risk of attacks on the official website of the Department of Communication and Informatics of XYZ Regency.