In addition to a lack of solution-focused research, there is a need for effective remediation of the vulnerabilities found on the AB and XY Service websites. This section gives an overview of the methods and approaches used to identify and address possible vulnerabilities on the AB and XY Service websites. The purpose is primarily to identify and address vulnerabilities in the existing security of the AB and XY Service websites.
Through website scanning, researchers can collect information about possible vulnerabilities on the AB and XY Office websites. Vulnerability scanning: WhatWeb has also been used to identify possible vulnerabilities on the AB and XY Office websites. The function of the website port scan with Unicornscan is to analyze which ports are open or can be accessed on the AB and XY Office websites.
Identification: By scanning ports with Unicornscan, the researcher can identify the open ports on the AB and XY Office sites. Identify vulnerabilities: This method aims to identify potential vulnerabilities that exist on the AB and XY Office websites.
Nikto
This tool sends a series of requests to the web server to inspect for common security gaps such as injection vulnerabilities, security misconfigurations, weak encryption and other vulnerabilities that are generally exploited by attackers. It tries to insert malicious scripts and fake SQL queries into the input submitted to the web server to see whether the application is prone to attack. It tries to identify files or folders that can be accessed in an invalid way, URLs that are not protected, or other features that could be exploited by attackers.
This tool analyzes the AB website to look for security gaps such as open folders, downloadable files, and vulnerabilities to known web server attacks. It is designed specifically to detect general security gaps that occur on a web server, such as weak configuration, files that are accessible when they should not be, and vulnerabilities related to the server software in use. Providing information on vulnerable configuration: Nikto helps identify weaknesses in web server configuration that may reveal security vulnerabilities.
OWASP ZAP
Skipfish
Skipfish is an open source web application scanning tool written in C. Its purpose is similar to that of nmap and Nessus, but Skipfish allows web developers to perform reconnaissance. A previous study of Skipfish in use shows that Skipfish is an open source web application scanning tool used to find vulnerabilities in web applications before a hacker can exploit them. The final report produced by this tool is intended to serve as a basis for web application security assessment [34].
This tool is used to assess security and authentication-related vulnerabilities in the web application's configuration, settings and structure. It analyzes the structure of the web application and the configuration related to the vulnerabilities it searches for, and identifies possible security gaps there. Skipfish is a security scanning tool used for web application security testing and for identifying security holes.
Skipfish thoroughly scans the structure and content of the web application to identify vulnerabilities and security gaps. It tries to map the entire structure of the site, including URLs, parameters and other functions, and checks each for vulnerabilities. The information is useful for mapping and understanding the web application being analyzed in more depth.
Structured vulnerability scanning: Skipfish scans the structure of the web application to identify possible security holes. By mapping the web application structure thoroughly, the tool can find vulnerabilities related to insecure configuration, settings or implementation. It may reveal insecure server settings, incorrect file permissions, or other issues that indicate vulnerability in the web application.
This tool supports complete and comprehensive vulnerability scanning in an effort to increase the security of the web application.
Rapidscan
The objective of using Skipfish in this study is to scan the AB Office and XY Office websites. Rapidscan is used in this investigation to scan for vulnerabilities on the AB Office and XY Office websites. This tool is used to look for general vulnerabilities such as SQL injection, XSS, LFI and others.
The final objective is to identify vulnerabilities and provide recommendations for the repairs necessary to increase the security of the web application. Automated vulnerability scanning: Rapidscan automatically scans the web application for different types of common attacks and scenarios used by attackers. It checks for common vulnerabilities like SQL injection, XSS vulnerabilities, LFI (Local File Inclusion), RFI (Remote File Inclusion) and so on.
This tool attempts to detect vulnerable configurations, such as incorrect file permissions, insecure server settings, or unprotected parameters. It attempts to expose the potential security problems that occur when user input is not properly handled by the web application. The information collected relates to vulnerable software versions on the server, insecure server settings, or other configurations that indicate vulnerability in the web application.
By scanning automatically, Rapidscan can reveal potential vulnerabilities that were missed or not discovered during manual testing. Rapidscan's role is to identify web application security gaps through scanning, automation and analysis of the security configuration. This tool helps improve the security of the web application by revealing possible vulnerabilities so that appropriate action can be taken.
This tool tends to focus on general vulnerabilities and may not detect more specific or newer vulnerabilities.
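The two input-handling defects the Rapidscan section above lists first, SQL injection and Local File Inclusion, are easiest to understand as a vulnerable handler next to its hardened form. The following is an added example written for this page; it is not code from the paper or from Rapidscan. It runs offline against an in-memory SQLite table and a temporary page directory created in the script, and every table, user, file and probe string in it is constructed for the demo.

```python
"""Added example: vulnerable vs hardened handling of user input for the two
defect classes Rapidscan-style scanners report (SQL injection and LFI).
All data here is constructed for the demo; nothing is taken from the AB or
XY websites."""
import os
import sqlite3
import tempfile


def make_db():
    """Constructed user table standing in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "staff")])
    return conn


def lookup_vulnerable(conn, username):
    # Defect: untrusted input is spliced into the SQL text, so a quote
    # character in `username` changes the structure of the query.
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_hardened(conn, username):
    # Fix: parameter binding keeps the input as data, never as SQL syntax.
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def include_vulnerable(base_dir, page):
    # Defect: the requested name is joined straight onto the base directory,
    # so a name containing "../" escapes it (Local File Inclusion).
    with open(os.path.join(base_dir, page), "r") as fh:
        return fh.read()


def include_hardened(base_dir, page):
    # Fix: resolve the final path and refuse anything outside base_dir.
    # An allow-list of page names would be stricter still.
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, page))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("requested path escapes the page directory")
    with open(target, "r") as fh:
        return fh.read()


def demo():
    """Exercise both handlers; returns a dict so the outcome can be checked."""
    conn = make_db()
    probe = "x' OR '1'='1"          # constructed, textbook scanner probe string
    results = {
        "vuln_normal": lookup_vulnerable(conn, "alice"),
        "vuln_probe": lookup_vulnerable(conn, probe),   # returns every row
        "safe_probe": lookup_hardened(conn, probe),     # matches nothing
    }
    with tempfile.TemporaryDirectory() as pages:
        with open(os.path.join(pages, "about.html"), "w") as fh:
            fh.write("<h1>About</h1>")
        results["vuln_page"] = include_vulnerable(pages, "about.html")
        results["safe_page"] = include_hardened(pages, "about.html")
        try:
            include_hardened(pages, "../../etc/passwd")
            results["lfi_blocked"] = False
        except ValueError:
            results["lfi_blocked"] = True
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The scanner's probe only "works" against the handler that builds SQL by string formatting; the parameterized version treats the same input as an ordinary (non-matching) username, and the path check turns the traversal attempt into a refused request rather than a file read.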
Website Testing Brute Force Attack
Limitations: Rapidscan may not perform tests to the same depth or offer the same complete functions as Burp Suite. In addition, Rapidscan's testing capabilities may be limited to known vulnerabilities and components, and may not be effective at detecting more specific or new vulnerabilities. Evaluate password strength: By trying different password combinations, Brute Force Attack testing can help evaluate the strength of the passwords used in the system.
If the system can be easily compromised with a Brute Force attack, the passwords may be vulnerable and should be strengthened. Password testing: Brute Force Attack testing tries different password combinations while searching for the correct password. Identifying weak passwords: Using a Brute Force attack, this method can identify weak or vulnerable passwords.
If the system or application allows passwords that are easily guessed or not strong, Brute Force attacks can easily succeed. Increasing security awareness: Brute Force Attack testing can help an organization or developer understand the importance of using strong passwords and policies for good security. Brute force attacks are often the easiest and most effective method for attackers to gain access without authorization.
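The defender's side of the brute-force test described above is what turns it into a non-finding: a password policy, a per-account lockout after repeated failures, and detection of guessing traffic in the authentication log. The following is an added example written for this page, not code from the paper or from any tool it names. The common-password list, the lockout thresholds, the log line format and all log lines are constructed for the demo.

```python
"""Added example: three defensive checks against brute-force password
attacks. Thresholds, the weak-password list and the log format are
constructed assumptions, not taken from the paper."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed stand-in for a real breached-password list.
COMMON_PASSWORDS = {"password", "123456", "admin123", "qwerty", "letmein"}


def password_is_strong(pw, min_len=12):
    """Minimal policy: length, at least three character classes, and not a
    known weak value. A real deployment would check a full breach list."""
    if len(pw) < min_len or pw.lower() in COMMON_PASSWORDS:
        return False
    classes = [re.search(p, pw) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^\w]")]
    return sum(1 for c in classes if c) >= 3


class LoginGuard:
    """Locks an account after `max_failures` failed attempts within `window`."""

    def __init__(self, max_failures=5, window=timedelta(minutes=15)):
        self.max_failures = max_failures
        self.window = window
        self.failures = defaultdict(list)   # account -> failure timestamps

    def is_locked(self, account, now):
        recent = [t for t in self.failures[account] if now - t <= self.window]
        self.failures[account] = recent     # forget failures outside the window
        return len(recent) >= self.max_failures

    def attempt(self, account, password_ok, now):
        """Return 'locked', 'ok' or 'failed'. A locked account is refused even
        when the password is right, so guessing cannot continue."""
        if self.is_locked(account, now):
            return "locked"
        if password_ok:
            self.failures[account].clear()
            return "ok"
        self.failures[account].append(now)
        return "failed"


# Constructed log format: "<date> <time> <source-ip> login <OK|FAIL> user=<name>"
LOG_RE = re.compile(r"^(\S+ \S+) (\S+) login (\S+) user=(\S+)$")


def detect_bruteforce(lines, threshold=10, window=timedelta(minutes=5)):
    """Flag source IPs with at least `threshold` failed logins inside any
    `window`-long span; returns {ip: failures_in_that_span}."""
    fails = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group(3) != "FAIL":
            continue
        fails[m.group(2)].append(datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"))
    flagged = {}
    for ip, times in fails.items():
        times.sort()
        for i, start in enumerate(times):
            count = sum(1 for t in times[i:] if t - start <= window)
            if count >= threshold:
                flagged[ip] = count
                break
    return flagged


def sample_log():
    """Constructed auth log: one IP hammering 'admin', one user who mistyped once."""
    base = datetime(2024, 1, 1, 10, 0, 0)
    stamp = lambda s: f"{base + timedelta(seconds=s):%Y-%m-%d %H:%M:%S}"
    lines = [f"{stamp(3 * i)} 203.0.113.7 login FAIL user=admin" for i in range(12)]
    lines.append(f"{stamp(0)} 198.51.100.2 login FAIL user=bob")
    lines.append(f"{stamp(20)} 198.51.100.2 login OK user=bob")
    return lines


if __name__ == "__main__":
    print("flagged sources:", detect_bruteforce(sample_log()))
```

The lockout and the log detector complement each other: the guard stops an online guessing run against one account, while the per-source count catches an attacker who spreads attempts across many accounts, which a per-account lockout alone would miss.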
RESULTS AND DISCUSSION
- Results of Port Scanning of the AB and XY Service Websites using Unicornscan
- Results of the Vulnerability Assessment Analysis of the AB Service Website
- OWASP Testing Results
- Wapiti Tool Results
- Nikto Results
- Results of the Vulnerability Assessment Analysis of the XY Service Website
- Burp Suite Results
- Skipfish Tool Results
- Rapidscan Tool Results
- Results of Website Testing using Brute Force Attack
- Comparison with other research
Vulnerable JavaScript library components: These components are possibly vulnerable to Cross-Site Scripting (XSS) attacks, which can cause dangerous code to be executed on the client side. The results of the analysis in Table 4 show a number of vulnerability findings on the AB Service website analyzed using the OWASP tool. The results of the analysis in Table 5 show the findings of the evaluation using the Wapiti tool on the AB website.
The analysis results indicate that several security components on the website are not well defined. In conclusion, the analysis results show that a number of protection components on the website are not properly defined. Set the Secure flag attribute on cookies so that they are only sent over a secure connection (HTTPS), to prevent hijacking attacks.
Enable the HttpOnly flag attribute on cookies containing sensitive information to protect them from cross-site scripting (XSS) attacks. The analysis results in Table 6 indicate a number of findings from the vulnerability evaluation of the AB website using the Nikto tool. The absence of a proper X-Frame-Options setting on the site can make it prone to clickjacking attacks.
TLS cookies without the Secure flag: Failing to set the Secure flag on cookies sent over TLS can cause vulnerabilities in session security. Apply HTTP Strict Transport Security (HSTS) settings on the website to ensure that all connections are made through the secure HTTPS protocol. The analysis results in Table 7 show a number of findings from the vulnerability evaluation of the XY Service website using the Burp Suite tool.
The analysis results in Table 8 show a number of findings from the vulnerability evaluation of the XY Service website using the Skipfish tool. However, this also exposes a number of limitations in the security of the XY website. In these findings, no successful result was obtained from the Brute Force attack performed on the XY website.
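The header findings reported above (cookies without the Secure and HttpOnly flags, missing X-Frame-Options, no HSTS) are all visible in a single HTTP response, which is why Nikto, ZAP and Wapiti report them. The following is an added example written for this page, not output or code from the paper or from those tools: a checker that parses a raw HTTP/1.1 response and returns the findings, run against a weak header set and the corrected one. Both responses, including the cookie name, are constructed for the demo and were not captured from the AB or XY websites.

```python
"""Added example: audit an HTTP response for the cookie-flag, clickjacking and
HSTS findings discussed above. Both sample responses are constructed."""
import re
from collections import defaultdict

WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: session=abc123; Path=/\r\n"
    "\r\n<html>hello</html>"
)
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "X-Frame-Options: DENY\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "\r\n<html>hello</html>"
)


def parse_headers(raw):
    """Map lower-cased header names to a list of values (Set-Cookie may repeat)."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = defaultdict(list)
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()].append(value.strip())
    return headers


def audit_headers(headers, served_over_https=True):
    """Return a list of human-readable findings; empty means nothing to report."""
    findings = []
    for cookie in headers.get("set-cookie", []):
        name = cookie.split("=", 1)[0].strip()
        attrs = {part.strip().split("=", 1)[0].lower()
                 for part in cookie.split(";")[1:]}
        if served_over_https and "secure" not in attrs:
            findings.append(f"cookie '{name}' sent over TLS without the Secure flag")
        if "httponly" not in attrs:
            findings.append(f"cookie '{name}' readable by script (no HttpOnly flag)")
    xfo = [v.upper() for v in headers.get("x-frame-options", [])]
    if not any(v in ("DENY", "SAMEORIGIN") for v in xfo):
        findings.append("X-Frame-Options missing or permissive (clickjacking)")
    hsts_ok = False
    for value in headers.get("strict-transport-security", []):
        m = re.search(r"max-age=(\d+)", value, re.IGNORECASE)
        if m and int(m.group(1)) > 0:
            hsts_ok = True
    if served_over_https and not hsts_ok:
        findings.append("Strict-Transport-Security missing (HSTS not enforced)")
    return findings


def audit_response(raw, served_over_https=True):
    return audit_headers(parse_headers(raw), served_over_https)


if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_response(raw) or ["no findings"])
```

The `served_over_https` switch matters for interpretation: the Secure-flag and HSTS findings only apply to a site reached over TLS, so a scan of a plain-HTTP endpoint should not report them, while the HttpOnly and X-Frame-Options checks apply either way.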
CONCLUSION
Based on these findings, the strength of the XY site lies in a robust system and effective security against brute force attacks. However, the finding that it also has limitations in the information it provides highlights the strengths and limitations of the XY site as a whole. The findings relate only to Brute Force attacks and do not provide a detailed description of other security vulnerabilities that may exist on the XY site.
Comparative study: Compare with similar websites to evaluate the strengths and weaknesses of XY website security. Penetration test: Perform a thorough penetration test to identify potential vulnerabilities still undetected on the XY website. Penetration testing can include a series of attack techniques and further security testing to determine how far the XY website can withstand various attacks.
Security monitoring: Regularly monitor security on the XY site to detect attacks or suspicious activity. Security training: Conduct security training for XY site developers and administrators to increase their awareness of security best practices. Through these studies, it is expected that a better understanding of the strengths and weaknesses of XY website security can be provided, along with guidance for increasing security overall.
Study of mobile security apps: Study mobile security apps related to the XY website. Artificial intelligence and security research: Research the use of artificial intelligence and related technology to enhance the security of the XY website, e.g. smart intrusion detection systems or automatic detection of attack input patterns. Study of privacy and regulatory compliance: Study the XY site's compliance with applicable privacy regulations, such as the General Data Protection Regulation (GDPR) in the European Union.
These prospects for future research will help increase the understanding of XY site security and incorporate the latest aspects of information system security.