Penetration Testing and Vulnerability Analysis of SINTA Platform to Strengthen Privacy and Data Protection
Abstract
The increasing reliance on digital platforms for academic and governmental purposes necessitates robust cybersecurity measures. Consequently, identifying vulnerabilities is critical to ensuring data security and providing actionable recommendations for cybersecurity officers. Platforms like Sinta (Science and Technology Index), which focus on collecting peer-reviewed papers and maintaining researchers' research records, represent significant governmental contributions to academia. Cybersecurity awareness is demonstrated through events organized to evaluate the vulnerability of the platform, enabling researchers to assess its security and report potential issues. This study addresses these concerns by conducting system penetration testing using the OWASP and Burp Suite Framework, focusing on identifying five critical vulnerabilities. The evaluation examines issues such as sensitive data exposure in API responses, error log disclosures, email enumeration, and improper access to system files. The results reveal that the platform suffers from multiple levels of security vulnerabilities, prompting recommendations for authorities to take action to mitigate potential risks effectively.
Copyright (c) 2025 The Authors

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.