Utilization Of Privilege Escalation Vulnerability In Manipulating Administrator Access Of PT XYZ

Jody Jeremi Hadrian Ritonga, Jay Idoan Sihotang

Abstract


PT.XYZ is a CRM solutions provider that helps businesses manage their interactions with customers. Through in-depth research, a security vulnerability was discovered on PT.XYZ's platform that could be exploited by unauthorized parties to escalate their access rights unlawfully. This research involved a comprehensive analysis of the CRM system. The research method included application analysis, exploitation, impact evaluation, solution development, and reporting. The findings revealed a vulnerability in the user management mechanism that allows a regular user to escalate their access rights to administrator level. This could potentially lead to customer data misuse, operational disruptions, and financial losses for the company. The research process involved penetration testing, impact analysis, and the development of mitigation solutions. Thanks to these findings, PT.XYZ has implemented system improvements to address the security gap. This research demonstrates the importance of conducting regular security testing to ensure a company's information systems remain protected from cyber threats.

Keywords


Devtools, Penetration Testing, Privilege Escalation, Website

DOI: http://dx.doi.org/10.24014/coreit.v11i1.32985

Jurnal CoreIT by http://ejournal.uin-suska.ac.id/index.php/coreit/ is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.