https://onnocenter.or.id/wiki/index.php?action=history&feed=atom&title=Report_Penetration_Test%3A_Contoh_Rekomendasi_Mitigasi
Report Penetration Test: Contoh Rekomendasi Mitigasi - Revision history
2026-04-04T03:50:11Z
Revision history for this page on the wiki
MediaWiki 1.35.4
https://onnocenter.or.id/wiki/index.php?title=Report_Penetration_Test:_Contoh_Rekomendasi_Mitigasi&diff=70729&oldid=prev
Onnowpurbo at 01:05, 1 October 2024
2024-10-01T01:05:23Z
<p></p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 01:05, 1 October 2024</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1" >Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">Berikut adalah contoh rekomendasi mitigasi sementara yang dapat dimasukkan ke dalam laporan hasil penetration test untuk kuliah ethical hacking:</del></div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">==Rekomendasi Mitigasi Sementara==</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">---</del></div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">'''Temuan:''' SQL Injection pada form login aplikasi web. </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">'''Risiko:''' Potensi akses tidak sah ke basis data, termasuk manipulasi data atau eskalasi hak akses.</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">### Rekomendasi Mitigasi Sementara</del></div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">==Langkah-langkah mitigasi sementara:==</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>*<del class="diffchange diffchange-inline">*Temuan</del>:** <del class="diffchange diffchange-inline">SQL Injection </del>pada form login <del class="diffchange diffchange-inline">aplikasi web</del>. <del class="diffchange diffchange-inline"> </del></div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* <ins class="diffchange diffchange-inline">'''Validasi Input Sementara</ins>:<ins class="diffchange diffchange-inline">'''</ins></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>**<del class="diffchange diffchange-inline">Risiko:** Potensi akses tidak sah ke basis data, termasuk manipulasi data </del>atau <del class="diffchange diffchange-inline">eskalasi hak akses</del>.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>** <ins class="diffchange diffchange-inline">Implementasikan sanitasi input </ins>pada <ins class="diffchange diffchange-inline">level aplikasi dengan memastikan setiap data yang masuk ke </ins>form login <ins class="diffchange diffchange-inline">di-*escape* dan difilter dari karakter khusus seperti `'`, `"`, `--`, dan `;`</ins>.</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>** <ins class="diffchange diffchange-inline">Gunakan fungsi seperti `mysqli_real_escape_string()` (PHP) </ins>atau <ins class="diffchange diffchange-inline">parameterized query di aplikasi lain untuk mencegah injeksi langsung</ins>.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>*<del class="diffchange diffchange-inline">*Langkah-langkah mitigasi sementara</del>:**</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* <ins class="diffchange diffchange-inline">'''Pembatasan Hak Akses Database</ins>:<ins class="diffchange diffchange-inline">'''</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>** <ins class="diffchange diffchange-inline">Batasi hak akses user aplikasi pada basis data. Misalnya, pastikan user yang terhubung melalui aplikasi hanya memiliki izin "SELECT" dan "INSERT", serta tidak memiliki hak "DROP", "UPDATE", atau "DELETE" hingga perbaikan penuh dapat dilakukan.</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">1. </del>*<del class="diffchange diffchange-inline">*Validasi Input Sementara</del>:<del class="diffchange diffchange-inline">**</del></div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* <ins class="diffchange diffchange-inline">'''Penerapan WAF (Web Application Firewall)</ins>:<ins class="diffchange diffchange-inline">'''</ins></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline"> - Implementasikan sanitasi input pada level aplikasi dengan memastikan setiap data yang masuk ke form login di-</del>*<del class="diffchange diffchange-inline">escape</del>* <del class="diffchange diffchange-inline">dan difilter dari karakter khusus seperti `'`, `"`, `-</del>-<del class="diffchange diffchange-inline">`, dan `;`</del>.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>** <ins class="diffchange diffchange-inline">Gunakan WAF sementara untuk memblokir pola</ins>-<ins class="diffchange diffchange-inline">pola serangan umum SQL Injection</ins>. <ins class="diffchange diffchange-inline">Banyak solusi WAF komersial atau open</ins>-<ins class="diffchange diffchange-inline">source (</ins>seperti <ins class="diffchange diffchange-inline">ModSecurity</ins>) <ins class="diffchange diffchange-inline">dapat digunakan </ins>untuk <ins class="diffchange diffchange-inline">memantau dan memblokir permintaan berbahaya</ins>.</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline"> </del>- <del class="diffchange diffchange-inline">Gunakan fungsi </del>seperti <del class="diffchange diffchange-inline">`mysqli_real_escape_string(</del>)<del class="diffchange diffchange-inline">` (PHP) atau parameterized query di aplikasi lain </del>untuk <del class="diffchange diffchange-inline">mencegah injeksi langsung</del>.</div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">2. </del>*<del class="diffchange diffchange-inline">*Pembatasan Hak Akses Database</del>:**</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* <ins class="diffchange diffchange-inline">'''Penerapan Log Monitoring</ins>:<ins class="diffchange diffchange-inline">'''</ins></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline"> - Batasi hak akses user </del>aplikasi <del class="diffchange diffchange-inline">pada basis data</del>. <del class="diffchange diffchange-inline">Misalnya, pastikan user </del>yang <del class="diffchange diffchange-inline">terhubung melalui aplikasi hanya memiliki izin "SELECT" dan "INSERT", serta </del>tidak <del class="diffchange diffchange-inline">memiliki hak "DROP", "UPDATE", </del>atau <del class="diffchange diffchange-inline">"DELETE" hingga perbaikan penuh dapat dilakukan</del>.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>** <ins class="diffchange diffchange-inline">Aktifkan dan pantau log </ins>aplikasi <ins class="diffchange diffchange-inline">serta server untuk mendeteksi aktivitas yang mencurigakan terkait SQL Injection</ins>. <ins class="diffchange diffchange-inline">Ini termasuk mendeteksi permintaan </ins>yang tidak <ins class="diffchange diffchange-inline">lazim </ins>atau <ins class="diffchange diffchange-inline">pola percobaan eksploitasinya</ins>.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">3. *</del>*<del class="diffchange diffchange-inline">Penerapan WAF (Web Application Firewall)</del>:**</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* <ins class="diffchange diffchange-inline">'''Penggunaan Rate Limiting</ins>:<ins class="diffchange diffchange-inline">'''</ins></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline"> - Gunakan WAF sementara untuk memblokir pola-pola </del>serangan <del class="diffchange diffchange-inline">umum </del>SQL Injection<del class="diffchange diffchange-inline">. Banyak solusi WAF komersial atau open</del>-<del class="diffchange diffchange-inline">source (seperti ModSecurity) dapat digunakan </del>untuk <del class="diffchange diffchange-inline">memantau dan memblokir permintaan berbahaya</del>.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>** <ins class="diffchange diffchange-inline">Batasi jumlah permintaan yang dapat dikirim ke form login dalam waktu tertentu. Ini akan mengurangi kemungkinan </ins>serangan <ins class="diffchange diffchange-inline">brute force </ins>SQL Injection <ins class="diffchange diffchange-inline">yang berulang</ins>-<ins class="diffchange diffchange-inline">ulang dilakukan </ins>untuk <ins class="diffchange diffchange-inline">mengekstraksi informasi dari basis data</ins>.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">4. </del>*<del class="diffchange diffchange-inline">*Penerapan Log Monitoring</del>:**</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* <ins class="diffchange diffchange-inline">'''Implementasi CAPTCHA</ins>:<ins class="diffchange diffchange-inline">'''</ins></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline"> - Aktifkan dan pantau log aplikasi serta server </del>untuk <del class="diffchange diffchange-inline">mendeteksi aktivitas </del>yang <del class="diffchange diffchange-inline">mencurigakan terkait </del>SQL <del class="diffchange diffchange-inline">Injection. Ini termasuk mendeteksi permintaan yang tidak lazim atau pola percobaan eksploitasinya</del>.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>** <ins class="diffchange diffchange-inline">Pasang CAPTCHA pada form login </ins>untuk <ins class="diffchange diffchange-inline">mengurangi serangan otomatis </ins>yang <ins class="diffchange diffchange-inline">mungkin mencoba mengeksekusi injeksi </ins>SQL <ins class="diffchange diffchange-inline">secara berulang-ulang</ins>.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">5. **Penggunaan Rate Limiting</del>:<del class="diffchange diffchange-inline">**</del></div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">'''Catatan</ins>:<ins class="diffchange diffchange-inline">''' Langkah</ins>-<ins class="diffchange diffchange-inline">langkah mitigasi sementara ini tidak menggantikan perbaikan penuh</ins>. <ins class="diffchange diffchange-inline">Sebaiknya, perbaikan utama berupa penggunaan parameterized query atau ORM (Object</ins>-<ins class="diffchange diffchange-inline">Relational Mapping) segera diimplementasikan </ins>untuk <ins class="diffchange diffchange-inline">mencegah injeksi SQL secara keseluruhan</ins>.</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline"> </del>- <del class="diffchange diffchange-inline">Batasi jumlah permintaan yang dapat dikirim ke form login dalam waktu tertentu</del>. <del class="diffchange diffchange-inline">Ini akan mengurangi kemungkinan serangan brute force SQL Injection yang berulang</del>-<del class="diffchange diffchange-inline">ulang dilakukan </del>untuk <del class="diffchange diffchange-inline">mengekstraksi informasi dari basis data</del>.</div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">6</del>. <del class="diffchange diffchange-inline">**Implementasi CAPTCHA:**</del></div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">Rekomendasi ini dapat diadaptasi sesuai dengan jenis kerentanan yang ditemukan</ins>. <ins class="diffchange diffchange-inline">Fokusnya adalah memberikan solusi sementara </ins>untuk mengurangi <ins class="diffchange diffchange-inline">risiko sambil menunggu perbaikan penuh</ins>.</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline"> - Pasang CAPTCHA pada form login </del>untuk mengurangi <del class="diffchange diffchange-inline">serangan otomatis yang mungkin mencoba mengeksekusi injeksi SQL secara berulang-ulang</del>.</div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">**Catatan:** Langkah-langkah mitigasi sementara ini tidak menggantikan perbaikan penuh. Sebaiknya, perbaikan utama berupa penggunaan parameterized query atau ORM (Object-Relational Mapping) segera diimplementasikan untuk mencegah injeksi SQL secara keseluruhan.</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">---</del></div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">==Pranala Menarik==</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">Rekomendasi ini dapat diadaptasi sesuai dengan jenis kerentanan yang ditemukan. Fokusnya adalah memberikan solusi sementara untuk mengurangi risiko sambil menunggu perbaikan penuh.</del></div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">* [[Ethical Hacking]]</ins></div></td></tr>
</table>
Onnowpurbo
https://onnocenter.or.id/wiki/index.php?title=Report_Penetration_Test:_Contoh_Rekomendasi_Mitigasi&diff=70725&oldid=prev
Onnowpurbo: Created page with "Berikut adalah contoh rekomendasi mitigasi sementara yang dapat dimasukkan ke dalam laporan hasil penetration test untuk kuliah ethical hacking: --- ### Rekomendasi Mitigasi..."
2024-10-01T00:42:13Z
<p>Created page with "Berikut adalah contoh rekomendasi mitigasi sementara yang dapat dimasukkan ke dalam laporan hasil penetration test untuk kuliah ethical hacking: --- ### Rekomendasi Mitigasi..."</p>
<p><b>New page</b></p><div>Berikut adalah contoh rekomendasi mitigasi sementara yang dapat dimasukkan ke dalam laporan hasil penetration test untuk kuliah ethical hacking:<br />
<br />
---<br />
<br />
### Rekomendasi Mitigasi Sementara<br />
<br />
**Temuan:** SQL Injection pada form login aplikasi web. <br />
**Risiko:** Potensi akses tidak sah ke basis data, termasuk manipulasi data atau eskalasi hak akses.<br />
<br />
**Langkah-langkah mitigasi sementara:**<br />
<br />
1. **Validasi Input Sementara:**<br />
- Implementasikan sanitasi input pada level aplikasi dengan memastikan setiap data yang masuk ke form login di-*escape* dan difilter dari karakter khusus seperti `'`, `"`, `--`, dan `;`.<br />
- Gunakan fungsi seperti `mysqli_real_escape_string()` (PHP) atau parameterized query di aplikasi lain untuk mencegah injeksi langsung.<br />
<br />
2. **Pembatasan Hak Akses Database:**<br />
- Batasi hak akses user aplikasi pada basis data. Misalnya, pastikan user yang terhubung melalui aplikasi hanya memiliki izin "SELECT" dan "INSERT", serta tidak memiliki hak "DROP", "UPDATE", atau "DELETE" hingga perbaikan penuh dapat dilakukan.<br />
<br />
3. **Penerapan WAF (Web Application Firewall):**<br />
- Gunakan WAF sementara untuk memblokir pola-pola serangan umum SQL Injection. Banyak solusi WAF komersial atau open-source (seperti ModSecurity) dapat digunakan untuk memantau dan memblokir permintaan berbahaya.<br />
<br />
4. **Penerapan Log Monitoring:**<br />
- Aktifkan dan pantau log aplikasi serta server untuk mendeteksi aktivitas yang mencurigakan terkait SQL Injection. Ini termasuk mendeteksi permintaan yang tidak lazim atau pola percobaan eksploitasinya.<br />
<br />
5. **Penggunaan Rate Limiting:**<br />
- Batasi jumlah permintaan yang dapat dikirim ke form login dalam waktu tertentu. Ini akan mengurangi kemungkinan serangan brute force SQL Injection yang berulang-ulang dilakukan untuk mengekstraksi informasi dari basis data.<br />
<br />
6. **Implementasi CAPTCHA:**<br />
- Pasang CAPTCHA pada form login untuk mengurangi serangan otomatis yang mungkin mencoba mengeksekusi injeksi SQL secara berulang-ulang.<br />
<br />
**Catatan:** Langkah-langkah mitigasi sementara ini tidak menggantikan perbaikan penuh. Sebaiknya, perbaikan utama berupa penggunaan parameterized query atau ORM (Object-Relational Mapping) segera diimplementasikan untuk mencegah injeksi SQL secara keseluruhan.<br />
<br />
---<br />
<br />
Rekomendasi ini dapat diadaptasi sesuai dengan jenis kerentanan yang ditemukan. Fokusnya adalah memberikan solusi sementara untuk mengurangi risiko sambil menunggu perbaikan penuh.</div>
Onnowpurbo