SYSTEMATIC LITERATURE REVIEW OF PENETRATION TESTING IN WEBSITE SECURITY

Authors

  • Lamintang Ramadhan, Politeknik Imigrasi
  • Nurul Maharani Piranti, Politeknik Imigrasi
  • Okky Pratama Martadireja, Politeknik Imigrasi

DOI:

https://doi.org/10.23969/jp.v10i04.33554

Keywords:

cybersecurity, literature review, OWASP, penetration testing

Abstract

Advances in internet technology pose major challenges in maintaining website security against various cyber threats. This Systematic Literature Review (SLR) aims to identify and analyze the methods and tools used in website security testing with a focus on penetration testing. This study was conducted by screening 1,911,363 initial articles obtained from various academic repositories, such as IEEE Xplore, Springer Link, Crossref, Semantic, and Google Scholar, resulting in 32 articles that met the inclusion criteria based on their relevance and quality. The results of the study show that the penetration testing approach is dominated by various security frameworks, including OWASP, ISSAF, OSSTMM, and PTES, which are used to evaluate and strengthen web system security. In addition, this study reveals that tools such as Acunetix, Nmap, Metasploit, Burp Suite, and SQLmap are often used to detect and exploit security vulnerabilities. Several studies also highlight the integration of machine learning technology in detecting attacks such as SQL Injection and Cross-Site Scripting (XSS), which indicates a new trend in website security testing. The conclusion of this study emphasizes the need for a more adaptive approach to penetration testing, combining automation techniques and manual analysis to improve the effectiveness of threat detection and mitigation. The results of this study can serve as a reference for academics and cybersecurity practitioners in choosing the optimal strategy to secure website systems from evolving threats.

Published

2026-02-17