Vulnerability Assessment Analysis of the IITC Intermedia Website Information System at Universitas Amikom Purwokerto Using OWASP ZAP
DOI:
https://doi.org/10.62951/bridge.v3i2.425
Keywords:
Information System, OWASP Top 10, OWASP ZAP, Vulnerability Assessment, Website Security
Abstract
Information system security is a crucial aspect in maintaining the confidentiality and integrity of user data. The IITC Intermedia website of Amikom Purwokerto University serves as an information system for national events and stores participants' personal data, necessitating a security evaluation. This study aims to analyze vulnerabilities on the website using the Vulnerability Assessment method with the OWASP ZAP tool. The research process involves data collection, vulnerability scanning, result analysis based on the OWASP Top 10 2021 categories, and providing technical recommendations. The scan results revealed 23 vulnerabilities, consisting of 1 high-risk, 4 medium-risk, 9 low-risk, and 9 informational findings. Among these, 15 vulnerabilities fall under the OWASP Top 10 classification. Key vulnerabilities identified include the use of outdated JavaScript libraries, security header misconfigurations, and weaknesses in session management and access control. Based on these findings, several mitigation measures are recommended to strengthen system security. This study emphasizes the importance of implementing OWASP standards in the development and management of web-based information systems.
License
Copyright (c) 2025 Bridge : Jurnal Publikasi Sistem Informasi dan Telekomunikasi

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.