Analysis and Penetration Testing Eprocurement Application with SQL Injection

— Eprocurement is a web-based application that is used for processing goods and services in one of social security company. Security in applications is certainly the main thing because organizational data must be kept confidential. On the other hand, this application can be accessed via internet. ISO 27001 A12.6 Control Objective (Technical Vulnerability Management) states that "information about the technical vulnerability of the information system used must be obtained in a timely manner, the organization's exposure to the vulnerability is evaluated and appropriate actions taken to address the associated risks". One attempt to evaluate the security of a system is by doing penetration testing. Penetration testing helps identify vulnerability gaps and provides details about vulnerabilities or threats that exist on the system, and provides guidance on how to overcome them. Therefore in this study an analysis and penetration testing of the eprocurement application for SQL Injection was carried out using the blackbox method. From the test results will get eprocurement application vulnerabilities along with recommendations for handling sql injection.