Penetration Testing of XYZ Application using OWASP WSTG and NIST SP 800-115

Abstract

Security is one of the most important aspect in information system, a system that connected to the internet opens up the potential of security hole. Therefore security testing is required to minimize the risk of attack on the system, namely by conducting penetration testing. The objective of this research is to implement security testing on XYZ application using OWASP WSTG (Web Security Testing Guide) and NIST SP 800-115 framework. The conducted testing was able to identify several security vulnerabilities of varying severity. Both frameworks are capable of performing penetration testing, with differences in primary focus, testing approach, level of technical detail, depth and tester skill.