Thursday, 17 May 2018

SCANNING (Web Vulnerability Analysis)

Vulnerability


Vulnerability is designed to generate a priority list of vulnerabilities, Vulnerability will be used by hackers as a way to enter the system illegally. Hackers will usually create an Exploit that is tailored to the vulnerability it has found, Any application (service, desktop, web base) must have a vulnerability or vulnerability. Not all malicious hackers, if the security hole found by malicious hackers (Black Hat) may be used to exploit the system to use for its own benefit, but if found by a good hacker (white hat) biasnaya he will report the security hole to the application developers tesebut for repair. for leading companies such as facebook, google, microsoft etc., they will give a considerable reward for the inventor of bug / vulnerabillity in his system.

On this occasion I will try to do the scanning of Semarang State University website at www.unnes.ac.id using Acunetix Web Vulnerbility tool.


Step use of tools Acunetix Web Vulnerbility
 

First download tools Acunetix Web Vulnerbility
Open the Acunetix tool and input the targeted website on the Scan single website column
acunetik1

Determining the Options selected, at this stage we can choose what options we will scan from the website, if overall select Default.
acunetik2

Menscan Information from the intended target (information from the website that we input)
acunetix3

Login Sequence next
acunetix4


Stage analysis of the targeted website
acunetix5

In the picture above this stage we will get some information about the subdomain contained on the scanned website, the subdomain we can scan also to find other gaps contained in the main website domain.
acunetix6 analisis

In the picture above obtained information about the level of threat (threat) that is on the website of the State University of Semarang the level of threat is located at level 2 (Medium) and Low level. In this level even a gap for a hacker to carry out an attack is very likely to occur.

Red Color : High (high threat level)
Orange Color : Medium (medium threat level)
Blue Color : Low (low threat level)
Green Color : contains information only, but can be made a gap as well

In the Target Information section, there is information about Responsive, Web Server Banner, Operating System used by server and Technology used by Semarang State University website, Unnes is still using apache web server and this web is responsive, with debian linux server.

We also can find statistical data on this web like picture below
acunetix7 analisis

Analysis conclusions 

Website Semarang State University www.unnes.ac.id has a threat level of middle and low class hacks (Medium Level & Low Level), such a gap is still very vulnerable and can be rested by hackers to enter the web server to get all the information contained in it for the benefit of the hacker.



good luck.................


No comments:

Post a Comment