ANALISIS RISIKO DAN STRATEGI PERLINDUNGAN SISTEM TERHADAP ANCAMAN SIBER PADA WEBSITE 'SAMBANG' KABUPATEN JOMBANG

This research aims to analyze security risks and formulate system
protection strategies against cyber threats on the “SAMBANG” website
owned by the Jombang Regency Government. The research approach used is
exploratory qualitative through observation, literature study, and nondestructive penetration testing based on OWASP and NIST standards. The
results of the study show that the “SAMBANG” website still has a number of
vulnerabilities with a high level of risk, especially in the Open Data,
Statistical Data, Data Catalog, and Data Request features, which are
vulnerable to Cross-Site Scripting (XSS) attacks, both reflected and stored.
In addition, the potential risk of SQL Injection was identified, although it was
not directly exploited, as well as authentication weaknesses on the login page
that were vulnerable to brute force. The Data Request form was also found to
lack a Cross-Site Request Forgery (CSRF) token mechanism, making it
potentially exploitable by attackers. This study recommends the
implementation of input validation, output encoding, Content Security Policy
(CSP), prepared statements, multi-factor authentication, login restrictions,
and file upload validation to improve system protection. With these results,
the study provides practical contributions for regional public information
system managers in strengthening government website security and building
more adaptive cyber resilience.