SECURITY ANALYSIS OF PAYROLL SYSTEM USING THE PENETRATION TESTING EXECUTION STANDARD (PTES) AND OWASP TOP 10 2021

DOI:

https://doi.org/10.33480/pilar.v22i1.8267

Keywords:

OWASP Top 10, payroll system, penetration testing, PTES, web application security

Abstract

The payroll system plays a critical role in human resource management as it processes and stores sensitive employee data, including personal identity, salary information, financial records, and employment history. The increasing reliance on web-based applications has significantly improved operational efficiency; however, it also increases exposure to cybersecurity threats when security controls are not optimally implemented. This study aims to analyze security vulnerabilities in the payroll system of PT. Vidira Eshan Abadi using the Penetration Testing Execution Standard (PTES) methodology, with OWASP Top 10 2021 used as a vulnerability classification framework. The research stages include pre-engagement interactions, reconnaissance, scanning, enumeration, exploitation, post-exploitation analysis, and reporting. Security testing was conducted using tools such as Nuclei, Gobuster, Dirsearch, Burp Suite, and SQLMap. The results indicate the presence of several vulnerabilities with low to high severity levels, including security misconfiguration, absence of authentication rate limiting, potential SQL injection, and stored Cross-Site Scripting (XSS) vulnerabilities across multiple system modules. This study recommends implementing strict input validation mechanisms, consistent output encoding, improved server configuration, and enhanced authentication protection to strengthen the security posture of the payroll system.

Published

2026-03-27

How to Cite

SECURITY ANALYSIS OF PAYROLL SYSTEM USING THE PENETRATION TESTING EXECUTION STANDARD (PTES) AND OWASP TOP 10 2021. (2026). Jurnal Pilar Nusa Mandiri, 22(1), 96-101. https://doi.org/10.33480/pilar.v22i1.8267