Journal articles on the topic 'OWASP ZAP'

1

Putra Pura, Calvin Bernandra, Try Yudha Maulana, Aldi Februri, and Tamsir Ariyadi. "Analisis Celah Keamanan Website Menggunakan Tools OWASP ZAP Di Kali Linux." JUSTER : Jurnal Sains dan Terapan 4, no. 1 (2025): 46–51. https://doi.org/10.57218/juster.v4i1.1341.

Abstract:
As internet use for a wide range of activities grows, website security has become one of the most important concerns. Auditing and testing for security gaps is one way to ensure that a website is secure. The OWASP Zed Attack Proxy (ZAP), an open-source tool used to identify attacks, was used in this study. OWASP ZAP was run on Kali Linux to identify potential web security problems. This study aims to analyse security gaps in websites using the OWASP Zed Attack Proxy (ZAP) tool in a Kali Linux environment. OWASP ZAP is one of the most widely used open-source tools for identifying vulnerabilities in web applications. The study uses an experimental approach, employing OWASP ZAP to scan a target website. The process covers identification of security gaps, risk analysis, and mitigation recommendations for the vulnerabilities found. The results reveal several vulnerabilities, such as Cross-Site Scripting (XSS), SQL Injection, and security misconfigurations, which can be fixed to improve website security.
2

Wenny, Rizca, and Fandi Yulian Pamuji. "Perbandingan Evaluasi Kerentanan Menggunakan Tenable Nessus Scanner dan Owasp Zed Attack Proxy untuk Meningkatkan Keamanan Sistem Informasi Kepegawaian di Universitas Merdeka Malang." Jurnal Ilmiah Universitas Batanghari Jambi 24, no. 3 (2024): 2451. http://dx.doi.org/10.33087/jiubj.v24i3.5488.

Abstract:
This study aims to compare the vulnerability analysis between Tenable Nessus Scanner and OWASP Zed Attack Proxy (ZAP) for improving the security of the Human Resource Information System (HRIS) website at Universitas Merdeka Malang. The research methodology includes the use of both Nessus and OWASP ZAP tools to scan the HRIS website for potential vulnerabilities. The findings of this research indicate that OWASP ZAP identified several critical web application vulnerabilities such as the absence of Anti-CSRF tokens, lack of Content Security Policy (CSP) headers, and missing Anti-Clickjacking headers, which are essential for maintaining the security and integrity of user data. On the other hand, Nessus Scanner focused more on network and server infrastructure vulnerabilities. The results suggest that OWASP ZAP is more effective for web application security in this context. Recommendations are provided to address the identified vulnerabilities and enhance the overall security of the HRIS website.
3

Singh, Yuvraj. "WebSec : Exploring and Modulating Vulnerabilities." INTERANTIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT 08, no. 04 (2024): 1–5. http://dx.doi.org/10.55041/ijsrem30620.

Abstract:
This research investigates the performance of the OWASP Zed Attack Proxy (OWASP ZAP) and Paros open-source vulnerability scanners on the Damn Vulnerable Web Application (DVWA). By evaluating their capability to identify vulnerabilities, along with assessing their user-friendliness and features, the study highlights each scanner's strengths and weaknesses. The insights aim to assist developers and security professionals in selecting the most effective tools for improving the security posture of web applications. Keywords—Web Application Security, Vulnerability Scanners, OWASP ZAP, Paros, Damn Vulnerable Web Application (DVWA), Open Source Tools, Cybersecurity, Penetration Testing.
4

Putra, Fauzan Prasetyo Eka, Ubaidi Ubaidi, Amir Hamzah, Walid Agel Pramadi, and Alief Nuraini. "Systematic Literature Review: Security Gap Detection On Websites Using Owasp Zap." Brilliance: Research of Artificial Intelligence 4, no. 1 (2024): 348–55. http://dx.doi.org/10.47709/brilliance.v4i1.4227.

Abstract:
This research highlights the detection of security vulnerabilities on websites using OWASP ZAP, a highly regarded open-source web security testing tool. Through a comprehensive literature review approach and systematic research methodology, this research emphasizes the urgency of addressing the ever-evolving security threats in web systems. Web security is a crucial aspect of information technology as more and more sensitive data is transmitted through web applications. OWASP ZAP, recognized for its reliability in identifying various security holes, was used to evaluate its effectiveness and efficiency in detecting vulnerabilities in web applications. This tool assists developers and security researchers in finding and fixing weaknesses that could be exploited by attackers. The results of the study show that OWASP ZAP is not only effective in identifying vulnerabilities such as SQL Injection, XSS (Cross-Site Scripting), and misconfiguration but also provides practical solutions to strengthen overall web security. Additionally, this research identifies several challenges faced when using OWASP ZAP and offers recommendations to address these issues. This study makes a significant contribution towards a better understanding of web security and offers recommendations for the implementation of better security testing tools in web development environments. Consequently, this research encourages the adoption of more proactive and systematic security practices in web application development.
5

Muhammad Amirul Mu'min, Yana Safitri, Galih Pramuja Inngam Fanani, Setiawan Ardi Wijaya, and Novi Tristanti. "Security Analysis of XYZ Website Using OWASP Zap Tools." Journix: Journal of Informatics and Computing 1, no. 1 (2025): 10–20. https://doi.org/10.63866/journix.v1i1.1.

Abstract:
In the growing digital era, website security is a critical aspect that must be considered. Vulnerabilities such as Cross-Site Scripting (XSS), Clickjacking, and Man-in-the-Middle can pose serious risks to data integrity and security. Therefore, effective tools are needed to identify and evaluate such vulnerabilities to prevent costly exploitation. This research aims to analyze security vulnerabilities on the website using OWASP ZAP (Zed Attack Proxy) as a penetration testing tool, and provide mitigation recommendations to improve system security. The method used is penetration testing by utilizing OWASP ZAP to identify security vulnerabilities on the website. The research stages include testing, analyzing the results, and preparing mitigation recommendations based on the findings of vulnerabilities such as A01, A03, and A04. The results showed that OWASP ZAP successfully identified various vulnerabilities, including XSS, Clickjacking, and Man-in-the-Middle. Recommended mitigation measures include configuring security headers and protecting sensitive data to prevent exploitation. OWASP ZAP proved to be effective in detecting and evaluating security vulnerabilities on websites. In addition, the tool also raises awareness of the importance of strong security policies. With the implementation of mitigation recommendations, website owners can better protect sensitive data, maintain user trust, and stay safe in an increasingly complex digital environment.
6

Aryadi, Tamsir, Andini Putri Salsabila, and Yoga Pratama Nugroho. "Implementasi Secure Code Pada Pengembangan Sistem Keamanan Website Teknik Komputer Universitas Bina Darma Menggunakan Penetration Testing dan OWASP ZAP." JUSTER : Jurnal Sains dan Terapan 4, no. 1 (2025): 27–30. https://doi.org/10.57218/juster.v4i1.1321.

Abstract:
Website security is a critical aspect of protecting data and information from cyber threats. This study aims to implement secure code in the development of the security system for the Computer Engineering website of Universitas Bina Darma. The method combines penetration testing with the use of OWASP ZAP (Zed Attack Proxy) to identify and fix potential vulnerabilities in the program code. The research begins with a security analysis using OWASP ZAP to detect weaknesses such as SQL injection, cross-site scripting (XSS), and other attacks. Based on those findings, secure coding principles such as input validation, parameterized queries, and data encryption were applied. The results show that applying secure code significantly reduces the potential vulnerabilities of the tested website. By integrating penetration testing and OWASP ZAP into the development process, the website's security system becomes more reliable against cyber threats. This study is expected to serve as a reference for improving web application security in higher-education environments.
7

Riyan Farismana and Dian Pramadhana. "Perbandingan Vulnerability Assesment Menggunakan Owasp Zap dan Acunetix Pada Sistem Informasi Repositori Politeknik Negeri Indramayu." Jurnal Teknik Informatika dan Teknologi Informasi 3, no. 2 (2023): 26–32. http://dx.doi.org/10.55606/jutiti.v3i2.2853.

Abstract:
The security of web-based systems is an important thing that an organization needs to pay attention to, considering that currently all organizational business processes rely on the web to store and process their data. POLINDRA is also not left behind, which uses web technology to store and process a list of student work repositories into a web-based information system. This requires simultaneous testing and risk assessment to determine the level of existing risks and vulnerabilities. The results of the vulnerability assessment to determine security gaps carried out in the scientific work repository information system on the sista.polindra.ac.id page using two different tools, namely Owasp Zap and Acunetix, have several different results. On Owasp Zap, there were 22 warnings, while Acunetix found 499 warnings. Even though the number of alerts using Acunetix is greater, the alert type results are not as complete as Owasp Zap, which produces 22 alerts, while Acunetix only produces 10 alerts.
8

Yuzar, Arnefia, and Alam Rahmatulloh. "PERBANDINGAN EFEKTIVITAS OWASP ZAP, ACUNETIX, NIKTO MENGGUNAKAN VULNERABILITY SCANNING UNTUK DETEKSI KERENTANAN APLIKASI WEB." JATI (Jurnal Mahasiswa Teknik Informatika) 9, no. 2 (2025): 2975–82. https://doi.org/10.36040/jati.v9i2.13227.

Abstract:
Web application security has become an important issue: as the use of web-based applications grows, so does the risk of attacks on the sensitive data they manage. Vulnerability scanning is an effective method for identifying and assessing web application vulnerabilities. This study aims to compare the effectiveness of three vulnerability scanning tools: OWASP ZAP, Acunetix, and Nikto. The results were analysed by the number and type of vulnerabilities, scan time, and tool speed and efficiency. The results show Acunetix to be the most comprehensive tool, detecting a total of 20 vulnerabilities, including Cross-Site Scripting (XSS), with high- and medium-risk findings reaching 75%. OWASP ZAP detected 13 vulnerabilities, such as Content Security Policy (CSP) issues. Nikto detected 5 vulnerabilities, such as the absence of the X-XSS-Protection and Expect-CT headers. Combining the three tools gives more thorough security coverage: OWASP ZAP detects basic weaknesses, Acunetix identifies advanced vulnerabilities, and Nikto verifies server configuration. Tool recommendations are drawn from the analysis so that they can serve as a proactive step in improving web application security against cyber threats.
9

Umar, Rusydi, Imam Riadi, and Sonny Abriantoro Wicaksono. "APPLICATION OF OWASP ZAP FRAMEWORK FOR SECURITY ANALYSIS OF LMS USING PENTEST METHOD." JITK (Jurnal Ilmu Pengetahuan dan Teknologi Komputer) 10, no. 2 (2024): 224–30. http://dx.doi.org/10.33480/jitk.v10i2.5534.

Abstract:
Learning Management System (LMS) is an application currently popular for online learning. The presence of LMS offers better prospects for the world of education, where its highly efficient use allows learning anywhere and anytime through the internet or other computer media. This study focuses on analyzing the security of the Learning Management System (LMS) on the domain e-learning.ibm.ac.id using the Pentest method with the Owasp Zap Framework. Security is a crucial step that needs to be considered by IBM Bekasi in protecting data and information from hacker threats. In this study, the method used is Pentest. Pentest is a series of methods used to test the security of a system by conducting literature studies, searching for data information, and domain information, followed by testing using Owasp Zap to find security-related vulnerabilities. The results of the testing using the Pentest method involve several stages of testing and scanning. The first step is checking domain information using Whois Lookup tools and then scanning using ZenMap on e-learning.ibm.ac.id. In this domain information search, the domain status serverTransferProhibited and clientTransferProhibited was found. The next stage is Vulnerability Analysis, where scanning is performed on the domain e-learning.ibm.ac.id using Owasp Zap tools. Based on the results from Owasp Zap scan, 16 vulnerabilities were found, with the breakdown being 2 high risk, 3 medium risk, 6 low risk, and 5 informational. In the exploitation stage using SQLMap, errors were found in the tested parameters, preventing injection.
10

Rahman, Aulia, Indra Indra, Nuralamsah Zulkarnaim, Muhammad Mukhram, and Agung Rizaldi. "ANALISIS IMPLEMENTASI NUCKLEI VULNERABILITY DAN OWASP-ZAP SCANNER UNTUK DETEKSI KERENTANAN KEAMANAN (SECURE SYSTEM) PADA PLATFORM WEB BASED." Jurnal Komputer Terapan 11, no. 1 (2025): 10–15. https://doi.org/10.35143/jkt.v11i1.6430.

Abstract:
Web-based platform security is an important aspect that developers must consider. However, numerous developers still exhibit insufficient attention to enhancing the security level of their websites, thereby increasing the likelihood of these platforms becoming targets of cyber attacks. To address this challenge, the utilization of tools such as Nuclei Vulnerability Scanner and Owasp Zap presents an effective solution for the rapid detection of potential vulnerabilities in web-based platforms. This research involved testing a locally developed dummy web application, with scanning processes conducted using the Nuclei Vulnerability Scanner and Owasp Zap tools. The findings reveal that Nuclei Vulnerability Scanner proves effective in identifying vulnerabilities at the network layer, particularly in relation to SSL/TLS protocols and proxy configurations. In contrast, Owasp Zap is more focused on detecting vulnerabilities within the web application layer, especially concerning security header configurations that may be exploited through browser-based attacks such as XSS and clickjacking. Mitigation of the identified vulnerabilities resulted in a substantial reduction in their severity, with a 90% decrease in Nuclei and an 80% reduction in Owasp Zap. Both tools demonstrated high accuracy and efficient scanning times, establishing them as effective solutions for enhancing security across both network and application layers. This study recommends the integration of these tools into a comprehensive cyber security strategy to safeguard system integrity and availability while addressing the continuously evolving threat landscape, in alignment with the layered security principle advocated in contemporary literature.
11

Abdul Fattah Hasibuan, Tommy, and Divi Handoko. "Analisis Keretanan Website Dengan Aplikasi Owasp Zap." Jurnal Ilmu Komputer dan Sistem Informasi 2, no. 2 (2023): 257–70. https://doi.org/10.70340/jirsi.v2i2.51.

Abstract:
Website security is often ignored by developers, including small websites or company profile websites that have data that may be stolen by irresponsible parties. Self-test is needed in order to find out security holes that might be attacked. Therefore, a vulnerability assessment is needed to find security holes. Vulnerability Assessment (VA) is a system scanning process to find vulnerabilities and loopholes in a website system, this loophole provides a backdoor for attackers to attack the victim's system. Owasp-zap is an application that can look for a security hole in the website system, after information about the vulnerability is obtained, the developer can make changes or add scripts to a system so that security holes can be overcome in order to maintain data integrity from attacks by irresponsible parties.
12

Nisa, Khairrun, Muklas Adi Putra, Rizky Akbar Siregar, and Muhammad Dedi Irawan. "Analisis Website Tapanuli Tengah Menggunakan Metode Open Web Application Security Project Zap (Owasp Zap)." Bulletin of Information Technology (BIT) 3, no. 4 (2022): 308–216. http://dx.doi.org/10.47065/bit.v3i4.389.

Abstract:
Data security on the website is very important to prevent misuse of data or information on the website. Due to the rapid advancement of technology, many irresponsible persons who are often called hackers or hackers steal data. The author is interested in learning more about the security of the Central Tapanuli website (TAPTENG) as a result of this research. In this section, the author checks the security of the Tapanuli Tengah website using the OWASP ZAP method to assist in determining the actions that need to be taken to mitigate the vulnerability. There are several stages of OWASP that are carried out including Information Gathering, Session Management Testing, Data Validation Testing, and Webservices Testing. From the overall research results detected on the 192.187.99.170 website, the results obtained were 22079 instances with the threat name Timestamp Disclosure - Unix with the threat level at the Low level, which means it is at a low level.
13

Kusuma, Gregorius. "IMPLEMENTASI OWASP ZAP UNTUK PENGUJIAN KEAMANAN SISTEM INFORMASI AKADEMIK." Jurnal Teknologi Informasi: Jurnal Keilmuan dan Aplikasi Bidang Teknik Informatika 16, no. 2 (2022): 178–86. http://dx.doi.org/10.47111/jti.v16i2.3995.

Abstract:
Information security is an important thing that must be considered for every individual and institution in order to avoid crime. Poor information systems can threaten the critical infrastructure of an organization. Problems with system security vulnerabilities or disruptions are widely scattered on the internet. Early detection of the weakness of a system is the initial solution in securing a system. Therefore we need an analysis of the vulnerability of a system that refers to the security standardization of the Open Web Application Security Project (OWASP) by performing an active scan. Website vulnerability analysis using the OWASP ZAP technique with the help of several security tools is able to determine the security level of a website based on the results of scans and tests that have been carried out where almost every test category is able to find vulnerabilities, although there are several categories that do not have vulnerabilities. The purpose of this study is to identify the vulnerabilities contained in the University Academic Information System website and conduct testing and analysis to determine the condition of the vulnerability of the University Academic Information System website using the Open Web Application Security Project (OWASP). The research method used as a website security parameter is OWASP Top-10 2021.
14

Haeruddin, Gautama Wijaya, Hendra Winata, Sukma Aji, and Muhammad Nur Faiz. "Website Security Analysis Using Vulnerability Assessment Method." Journal of Innovation Information Technology and Application (JINITA) 6, no. 2 (2024): 173–80. https://doi.org/10.35970/jinita.v6i2.2476.

Abstract:
In today’s digital era, ensuring website security is crucial, especially in the education sector, which is frequently targeted by cyber attacks. This research aims to test the security of the Universitas Internasional Batam (UIB) website using OWASP ZAP and Nessus. The method used in this research was vulnerability assessment. It involves gathering information with tools such as Nmap, whois and nslookup. OWASP ZAP detected 11 vulnerabilities, categorized into 6 medium level and 5 low level, including Content Security Policies (CSP) and anti-clickjacking headers. Otherwise, Nessus only detected one medium level vulnerability, the absence of HTTP Strict Transport Security (HSTS). The difference in detection results shows that OWASP ZAP is better at finding web application weaknesses that are consistent with the OWASP Top Ten 2021, while Nessus specifically targets server and network configuration. For educational institutions, these results emphasize the importance of conducting regular vulnerability assessments to protect sensitive data. Recommended actions include implementing CSP to prevent Cross-site scripting (XSS) and other injection attacks, enforcing HSTS to secure communication, and updating software to mitigate unknown vulnerabilities. By adopting these measures, institutions can reduce their exposure to cyber attacks, maintain user trust, and strengthen overall security. This research provides a practical framework for strengthening the security of educational websites against evolving threats. These findings highlight that using multiple tools can provide a more comprehensive view of security gaps.
15

Pramuja Inngam Fanani, Galih, Muhammad Amirul Mu’min, and Novi Tristanti. "Analisis dan Pengujian Kerentanan Website Menggunakan OWASP ZAP." Jurnal Riset Sistem dan Teknologi Informasi 3, no. 1 (2025): 36–50. https://doi.org/10.30787/restia.v3i1.1886.

Abstract:
Internet use is increasing, with websites such as search engines, e-commerce, social media, and news portals accessed frequently. However, these websites often have security gaps that can be exploited by cyber threats. This study therefore aims to improve web resilience against cyber attacks and to ensure a safer, more reliable user experience with protected user data. OWASP ZAP is a widely used security tool that helps organisations identify and address vulnerabilities in web applications. It offers features such as automated scanning, manual testing capabilities, and comprehensive reporting. OWASP ZAP-based vulnerability analysis helps establish the security level of a web application through passive and active scanning, detecting security gaps such as SQL injection, cross-site scripting, and insecure configuration. Findings in categories A01, A03, A04, A05, A06, A08, and A09, covering threats such as Cross-Site Scripting (XSS), Clickjacking, and Man-in-the-Middle, highlight the importance of applying mitigation measures to protect website security. Applying solutions such as security header configuration (CSP, HSTS, and X-Frame-Options) and protection of sensitive data is essential to prevent exploitation. Prevention therefore requires the use of encryption protocols, regular software updates, vulnerability assessments, and employee training in cyber security best practices.
16

Sati, Devani Laras, Devina Laras Sita, and Khairunnisak Nur Isnaini. "Identifikasi Celah Kerentanan Keamanan Pada Website Dengan Metode Pengujian Penetrasi OWASP ZAP." Jurnal RESISTOR (Rekayasa Sistem Komputer) 7, no. 3 (2024): 153–61. https://doi.org/10.31598/jurnalresistor.v7i3.1459.

Abstract:
Resepedia is a website that presents a variety of food recipes and culinary articles. In addition, resepedia also stores user data including sensitive information such as names, emails, and passwords. The existence of this information carries a potential security risk, which can cause potential leakage of user data that can make misuse of data or information. Therefore, this study uses OWASP Zed Attack Proxy (OWASP ZAP) to identify security holes and evaluate potential risks on the Resepedia website. The results identified 16 types of potential threats, with 3 categories having a Medium threat level, 6 categories having a Low threat level, and 7 categories being Informative. Thus, the level of information security on the Resepedia website is considered to be at the Medium level. This research proves that OWASP ZAP can be used to identify information security vulnerabilities based on the results obtained. This research is expected to provide an in-depth understanding, comprehensive security risk analysis, and become the foundation for further research related to security analysis on the website.
17

Tara, Tara Rizkayanti, and Yunanri W. "ANALISIS KEAMANAN WEBSITE SISTEM INFORMASI ADMINISTRASI KEPENDUDUKAN MENGGUNAKAN METODE VULNERABILITY ASSESMENT." JURNAL TEKNOLOGI INFORMATIKA DAN KOMPUTER (JURTIKOM) 1, no. 1 (2023): 1–9. http://dx.doi.org/10.51401/jurtikom.v1i1.3172.

Abstract:
A website is an information page provided via the internet so that it can be accessed throughout the world as long as the device's internet connection is active. Information security on a website is of the highest importance at this time, including the website of the Ministry of Home Affairs in the field of population and civil registration, which provides information about the personal data of the community. This problem is very serious if it is accessed by irresponsible people. The method used in this study is the Vulnerability Assessment method. This research found information related to the target website and several vulnerability warnings at a high level of risk after testing with a vulnerability scanner, so the research recommends fixing the vulnerabilities to minimize the security holes exploited by hackers. Testing was carried out using Kali Linux and OWASP ZAP.

Keywords: Security, Website, Dukcapil, Kali Linux, OWASP ZAP
18

Hidayat, Nanda, and Muhammad Agung Nugroho. "ANALISIS CELAH KEAMANAN PADA WEBSITE SMA NEGERI 3 BERAU DENGAN METODE PENETRATION TESTING." Journal of Information System Management (JOISM) 6, no. 2 (2025): 102–8. https://doi.org/10.24076/joism.2025v6i2.1858.

Abstract:
The growth of digital information has made websites very useful and increasingly easy for everyone to reach. SMA Negeri 3 Berau is an educational institution in Talisayan that has developed a website as its information system. However, as the uses of websites diversify, so do the forms of internet abuse that occur. To counter this, a penetration testing method can be used, with stages such as footprinting using DNSDumpster and WPThemeDetector, and scanning and fingerprinting with tools such as OWASP ZAP, WPScan, and Nikto to scan for security gaps in the SMAN 3 Berau website. The security scan of the SMAN 3 Berau website found 7 vulnerabilities with OWASP ZAP, 4 with WPScan, and 9 with Nikto. The scan output, a list of security gaps, is thus used by the website administrators as a basis for preventive measures.
19

Bhanu, Mohammad Shinaz, Durgam Varshini, Poosala Srikanth, and Payyavula Lokesh. "Exploiting Vulnerabilities in Weak CAPTCHA Mechanisms within DVWA." Journal of Information Technology and Digital World 7, no. 2 (2025): 119–29. https://doi.org/10.36548/jitdw.2025.2.003.

Abstract:
This research focuses on identifying vulnerabilities in the CAPTCHA implementation of the Damn Vulnerable Web Application (DVWA). We utilize Optical Character Recognition (OCR) with Tesseract, capture internet traffic using OWASP ZAP, and develop Python-based automated scripts to bypass substandard CAPTCHA implementations. Throughout the study, we uncover critical vulnerabilities, including the lack of CAPTCHA verification for sensitive actions such as password changes. We provide a detailed step-by-step analysis of how attackers can exploit these vulnerabilities. We conclude by comparing these weak CAPTCHA methods with more robust alternatives, such as Google reCAPTCHA, and recommend best practices, including server-side validation, CAPTCHA obfuscation, and the implementation of multi-layered security systems. The research employs software tools including Tesseract OCR v5.3, OWASP ZAP 2.12.0, Python 3.10, and DVWA 1.10 on XAMPP.
20

Carlos P. Flores Jr. "Evaluation of Common Security Vulnerabilities of State Universities and Colleges Websites Based on OWASP." Journal of Electrical Systems 20, no. 5s (2024): 1396–404. http://dx.doi.org/10.52783/jes.2471.

Abstract:
The security of state universities' and colleges' websites in the Philippines is vital because they play a critical role in delivering education and information to a wide variety of users. However, these institutions are also exposed to several security flaws due to their growing reliance on digital platforms. The objective of this study is to analyze security vulnerabilities in state universities and colleges websites, utilizing the OWASP Zed Attack Proxy (ZAP), an open-source tool. By adhering to the Open Web Application Security Project (OWASP) Top 10, we can identify potential hazards and suggest appropriate measures to mitigate risks. The steps of the test include gathering data about the test target, using OWASP ZAP to do automatic scanning, exploitation of the scan results, reporting, and offering recommendations. Seventeen (17) SUCs were examined, and the results show that 23.53% are vulnerable to injection, 40.06% had insecure design, 70.59% had outdated components, 88.24% have security misconfiguration, and 94.12% are vulnerable to Broken Access Control. Malicious actors use these vulnerabilities to obtain unauthorized access to software, networks, and systems. By raising the privileges and granting the user ID additional access inside the ecosystem, it can harm the availability, confidentiality, or integrity of data. SUCs should embrace the OWASP Top 10 and begin the process of ensuring that the risks associated with their websites are minimized.
21

Aura Arnelia Zahrani, Dzihni Safwa Alifah, Yulia Cahyani, and Ilham Albana. "Analisis Vulnerability Assessment pada Sistem Informasi Website IITC Intermedia Universitas Amikom Purwokerto Menggunakan OWASP ZAP." Bridge : Jurnal Publikasi Sistem Informasi dan Telekomunikasi 3, no. 2 (2025): 55–68. https://doi.org/10.62951/bridge.v3i2.425.

Abstract:
Information system security is a crucial aspect in maintaining the confidentiality and integrity of user data. The IITC Intermedia website of Amikom Purwokerto University serves as an information system for national events and stores participants' personal data, necessitating a security evaluation. This study aims to analyze vulnerabilities on the website using the Vulnerability Assessment method with the OWASP ZAP tool. The research process involves data collection, vulnerability scanning, result analysis based on the OWASP Top 10 2021 categories, and providing technical recommendations. The scan results revealed 23 vulnerabilities, consisting of 1 high-risk, 4 medium-risk, 9 low-risk, and 9 informational findings. Among these, 15 vulnerabilities fall under the OWASP Top 10 classification. Key vulnerabilities identified include the use of outdated JavaScript libraries, security header misconfigurations, and weaknesses in session management and access control. Based on these findings, several mitigation measures are recommended to strengthen system security. This study emphasizes the importance of implementing OWASP standards in the development and management of web-based information systems.
22

Syam Al'Am'yubi, Muhammad Ramdani, and Danur Wijayanto. "Analisis Sistem Keamanan Website XYZ Menggunakan Framework OWASP ZAP." Jurnal Ilmu Komputer (JUIK) 3, no. 1 (2023): 1. https://doi.org/10.31314/juik.v3i1.1974.

Abstract:
Website services have become the platform most frequently used by almost all groups to obtain the information they need. In addition, website services can also serve as a profile medium, such as website XYZ, which is the website of Wahyu Arif Purnomo, a Security Analyst and Developer at one of the companies providing IT-related services. A website that can be accessed by all internet users requires a security system analysis to keep the website safe from the threat of hacker attacks. The website security system analysis test uses the Open Web Application Security Project (OWASP) method with the software OWASP Zed Attack Proxy (ZAP), which is used to perform security testing and to provide improvement recommendations that can be applied to the website. During the check, 4 vulnerabilities were found. Of the 4 vulnerabilities, 2 were at the low level and 2 at the informational level. With this analysis, the vulnerability risk of a website can be known, and prevention based on the information obtained becomes easier.
23

Kurniawan, Henokh, and Erwien Christianto. "Analysis Vulnerability Website Baleomolcreative dengan Metode Penetration Testing Execution Standard & Vulnerability Assessment Pada Http Response Header Field." Jurnal JTIK (Jurnal Teknologi Informasi dan Komunikasi) 8, no. 3 (2024): 734–45. http://dx.doi.org/10.35870/jtik.v8i3.2202.

Abstract:
This research will analyze web security and how to find out whether there is a vulnerability or what could be called a vulnerability to enter gaps in the Baleomolcreative web, making the web unsafe. In analyzing whether there are vulnerabilities, the Penetration Testing Execution Standard and Vulnerability Assessment methods are used to determine whether there are gaps or vulnerabilities in the Baleomolcreative website that can be exploited by external parties. This method uses tools such as Owasp ZAP, Nikto, and Nmap which can be used to perform vulnerability scanning on a website. In this research, we succeeded in identifying 3 levels of vulnerability on the Baleomolcreative website, namely medium, low, and informational, with a total of 18 alerts generated from notifications on Owasp Zap. The scanning process includes vulnerability testing such as Content Security Policy, Anti-clickjacking Header, Dangerous JS Functions, Permissions Policy, and others.
24

Kurniawan, Azis, and Kalamullah Ramli. "EFFECTIVENESS OF SECURITY THROUGH OBSCURITY METHODS TO AVOID WEB APPLICATION VULNERABILITY SCANNERS." Jurnal Teknik Informatika (Jutif) 4, no. 6 (2023): 1479–86. http://dx.doi.org/10.52436/1.jutif.2023.4.6.778.

Abstract:
The concept of security through obscurity is not recommended by the National Institute of Standards and Technology (NIST) as a form of system security. Basically this concept hides assets as difficult as possible so that it is not easy for attackers to find them, so that it can be used to avoid vulnerability scanner applications that are widely used by attackers to find out web system weaknesses. This research was conducted by modifying the web application firewall (WAF) and testing using the SQLMap and OWASP Zed Attack Proxy (ZAP) vulnerability scanner applications. The results of the study show that SQLMap takes up to 1238 times longer to complete a scan on a modified web application firewall than without modification, while OWASP ZAP cannot complete a scan on the same treatment. Thus the concept of security through obscurity can be applied to web security to extend vulnerability scanning time.
25

Yoon, Jong Moon. "SIEM OWASP-ZAP and ANGRY-IP Vulnerability Analysis Module and Interlocking." Journal of Information and Security 19, no. 2 (2019): 83–89. http://dx.doi.org/10.33778/kcsa.2019.19.2.083.

26

Aristotel Aaron Agpaoa. "Development and Employment of Cyber Security of e201 File Web Application for Data Center College of the Philippines of Laoag City, Inc." Journal of Electrical Systems 20, no. 5s (2024): 677–83. http://dx.doi.org/10.52783/jes.2289.

Abstract:
Web-based systems in today's interconnected world play a vital role and need enhanced cybersecurity measures to protect sensitive information, since cybercrimes are increasing rapidly. The focus of the study is on the development of an e201 file web application for the Data Center College of the Philippines which will be accessed through a web browser. The objective of the study is to evaluate the cybersecurity of the developed application, particularly in handling essential personnel records containing confidential data, using the OWASP ZAP security testing tool, and its software quality based on ISO 25010, specifically in software functionality, usability, and security, to determine if it is ready for live deployment. The study utilizes the Research and Development model as its research design to achieve its purpose. The conceptual framework of the study utilized the Input-Process-Output model and the Agile Iterative model in the development. Following the results of the security testing and the suggestions of OWASP ZAP, cyber security was employed in the web application, including the Content Security Policy header, HttpOnly cookie flags, the SameSite attribute, the X-Content-Type-Options header, and an Anti-CSRF token. With an overall mean of 4.41 in the result of User Acceptance Testing, it implies that the system is a great help for the institution. The positive feedback received from evaluators confirmed that the development of the e201 files web application was successful. This study implies that utilizing OWASP ZAP is a great help in strengthening cybersecurity, and ISO 25010 in the software quality assurance, of web applications of educational institutions.
27

Priyawati, Diah, Siti Rokhmah, and Ihsan Cahyo Utomo. "Website Vulnerability Testing and Analysis of Website Application Using OWASP." International Journal of Computer and Information System (IJCIS) 3, no. 3 (2022): 142–47. http://dx.doi.org/10.29040/ijcis.v3i3.90.

Abstract:
Many businesses, organizations, and social institutions use websites to support their main tasks. The various benefits of the website must be supported by the security aspects of the website in order to avoid hacking. Cyber attacks or hackers can do dangerous things like get more valuable data. So it is necessary to test a good website to find out the level of vulnerability of the application features in it. A suitable test for websites, where the website is distributed over a network, is the grey box penetration test. This study performs a grey box penetration testing technique using the OWASP method and the OWASP ZAP tool. The test steps are collecting test target information, performing automatic scanning with the help of OWASP ZAP, exploiting the scan results, reporting, and providing recommendations. The test results show the target application website has 12 vulnerabilities, with 8.3% at the high vulnerability level or 1 alert, 41.7% at the medium level or 5 alerts, 33.3% at the low level or 4 alerts, and 16.7% at the informational level or 2 alerts. These vulnerabilities are related to A01-Broken Access Control, A03-Injection, A05-Security Misconfiguration, and A08-Software and Data Integrity Failures.
28

Lakhtin, Ivan, Dmytro Mykhailenko, and Oleksii Nariezhnii. "Comparison of commercial web application vulnerability scanners and open source scanners." Computer Science and Cybersecurity, no. 2 (December 26, 2022): 41–49. http://dx.doi.org/10.26565/2519-2310-2022-2-05.

Abstract:
The paper compares eight vulnerability scanners based on two intentionally vulnerable applications. The comparison is performed using five criteria: accuracy, recall, Youden index calculation, and the web benchmarks from WASSEC and OWASP. OWASP WebGoat and Damn Vulnerable Web Application (DVWA) are selected as the tested applications. Among the tested scanners there are three commercial scanners, Acunetix, HP WebInspect, and AppScan, and five open source scanners: Arachni, IronWASP, Skipfish, OWASP ZAP, and Vega. According to the results, it was concluded that commercial scanners are more effective in a number of criteria (including the list of threats). Some open source scanners (such as ZAP and Skipfish) can be characterized as originally targeted at certain types of threats. It is emphasized that there is no single security scanner that provides consistently high detection rates for all types of vulnerabilities. Based on the results of the review, it is claimed that the existing differences in the frequency of false-positive vulnerabilities (for both groups of scanners) are due to the fact that most commercial solutions have automated scanners, which are more effective than manual settings by the tester. It is obvious that the results of manual settings have a direct relationship with the actual level of the tester's competence, and largely determine the final results.
29

Ningsih, Shita Widya. "Analisis Pengujian Kerentanan Situs Pemerintahan XYZ dengan PTES." JATISI (Jurnal Teknik Informatika dan Sistem Informasi) 8, no. 3 (2021): 1543–56. http://dx.doi.org/10.35957/jatisi.v8i3.1224.

Abstract:
The rapid development of technology goes hand in hand with the development of web-based applications, as well as increasing security attacks and the various threat techniques that target the web. The integrated service office of the XYZ regional government has used a website to support one of its business processes. Therefore, a vulnerability assessment and penetration testing are needed to identify security gaps on the website. Vulnerability Assessment is a method for finding the security vulnerabilities present on a website, and penetration testing is a method for testing the security vulnerabilities on a website. In this research, a vulnerability assessment and penetration testing will be carried out on the integrated service website of the XYZ regional government using the PTES standard with several tools, namely OWASP ZAP, Acunetix, and Paros on Kali Linux. The vulnerability assessment results obtained on the integrated service website show different types of vulnerabilities and risk levels depending on the tool used. Testing with the OWASP ZAP tool found vulnerabilities with a high risk level of 10%. The Acunetix tool found a high risk level of 16.6%, and the Paros tool found vulnerabilities with a high risk level of 20%.
30

Abdulghaffar, Khaled, Nebrase Elmrabit, and Mehdi Yousefi. "Enhancing Web Application Security through Automated Penetration Testing with Multiple Vulnerability Scanners." Computers 12, no. 11 (2023): 235. http://dx.doi.org/10.3390/computers12110235.

Abstract:
Penetration testers have increasingly adopted multiple penetration testing scanners to ensure the robustness of web applications. However, a notable limitation of many scanning techniques is their susceptibility to producing false positives. This paper presents a novel framework designed to automate the operation of multiple Web Application Vulnerability Scanners (WAVS) within a single platform. The framework generates a combined vulnerabilities report using two algorithms: an automation algorithm and a novel combination algorithm that produces comprehensive lists of detected vulnerabilities. The framework leverages the capabilities of two web vulnerability scanners, Arachni and OWASP ZAP. The study begins with an extensive review of the existing scientific literature, focusing on open-source WAVS and exploring the OWASP 2021 guidelines. Following this, the framework development phase addresses the challenge of varying results obtained from different WAVS. This framework’s core objective is to combine the results of multiple WAVS into a consolidated vulnerability report, ultimately improving detection rates and overall security. The study demonstrates that the combined outcomes produced by the proposed framework exhibit greater accuracy compared to individual scanning results obtained from Arachni and OWASP ZAP. In summary, the study reveals that the Union List outperforms individual scanners, particularly regarding recall and F-measure. Consequently, adopting multiple vulnerability scanners is recommended as an effective strategy to bolster vulnerability detection in web applications.
31

Nurjannah and Abdul Muni. "ANALISIS KEAMANAN WEBSITE SEKOLAH SMAN 1 TEMPULING DENGAN MENGGUNAKAN OPEN WEB APPLICATION SECURITY PROJECT (OWASP)." JURNAL PERANGKAT LUNAK 6, no. 2 (2024): 351–61. http://dx.doi.org/10.32520/jupel.v6i2.3442.

Abstract:
Website security is an important matter in the design of a website, but there are still many website developers who are not careful enough in improving the security of their websites. Website developers must implement good website security at the beginning of the website design, because at some point the website that has been built may become a target for damage by hackers. In addition, website developers must regularly follow the latest attack trends in order to maintain and improve the website against unwanted things. Vulnerability assessment is a vulnerability, weakness or gap in a system that can be exploited by one or more attackers to carry out attacks that can endanger the confidentiality, integrity, or availability of a system. Therefore, the researchers will test the security of the website of one school, namely SMAN 1 Tempuling. SMAN 1 Tempuling is a state senior high school located in Riau Province, Indragiri Hilir Regency, Tempuling District, Sungai Salak Village, at Jalan 21 Maret RT 006 RW 003 Sungai Salak. The OWASP-ZAP application is used as the experimental material to test how vulnerable the website is to attacks carried out through the OWASP-ZAP application.
32

Maniraj, S. P., Chitra Sabapathy Ranganathan, and Satheeshkumar Sekar. "SECURING WEB APPLICATIONS WITH OWASP ZAP FOR COMPREHENSIVE SECURITY TESTING." INTERNATIONAL JOURNAL OF ADVANCES IN SIGNAL AND IMAGE SCIENCES 10, no. 2 (2024): 12–23. https://doi.org/10.29284/ijasis.10.2.2024.12-23.

33

Sabariman, Sabariman, Haeruddin Haeruddin, and Deven Lee. "ANALISIS KERENTANAN APLIKASI AKADEMIK BERBASIS WEBSITE XYZ MENGGUNAKAN OWASP." Jurnal Khatulistiwa Informatika 11, no. 2 (2024): 92–102. http://dx.doi.org/10.31294/jki.v11i2.20194.

Abstract:
The development of information and communication technology (ICT) is the main reason an institution or company needs to adapt. The development of ICT requires its managers to implement security systems, including for website-based applications. The implementation of security in website-based applications is intended to address possible cyber attacks. The XYZ website-based academic application is a data validation service provided by XYZ University to students. To check the security of this application, a vulnerability testing process is required. In this research, testing was carried out using the Open Web Application Security Project (OWASP) method. Some of the tools used include SSL Scan, Whois, Nmap, Shodan.io, Google Chrome, Metasploit Framework, and OWASP ZAP, to identify vulnerabilities according to the OWASP Top 2021 and OWASP Top API Security Risk 2023 standards. Through this vulnerability testing process, eighteen forms of vulnerability were found with high, medium, low, and informational risk levels; the most critical form of vulnerability for 2023 is broken object level authorization, while for 2021 the most critical vulnerability is broken access control. Therefore, follow-up on the XYZ academic application is required based on the causes found. The solutions provided in this research correspond to the risk level of the vulnerabilities.
34

Daffa Fernaldy, Naufal, Nurul Maharani Piranti, and Catur Susaningsih. "PENGUJIAN KEAMANAN APLIKASI BERBASIS WEBSITE : SYSTEMATIC LITERATURE REVIEW." JATI (Jurnal Mahasiswa Teknik Informatika) 9, no. 4 (2025): 6826–32. https://doi.org/10.36040/jati.v9i4.13840.

Abstract:
The role of immigration is very beneficial today, when the movement of foreigners between countries around the world is commonplace; immigration itself regulates the entry and exit of foreigners. Supporting adequate facilities and infrastructure cannot be separated from information technology and digitalization, which are very beneficial for the efficiency of both the natural and human resources used. Immigration offices in Indonesia currently use a variety of applications and websites to support the delivery of public services and the enforcement of immigration law. Application and website security plays a crucial role, since they contain confidential and important data, and it is useful for modern software development. This study uses the Open Web Application Security Project (OWASP) method, which provides various methods and guidelines for identifying and addressing security gaps in applications and websites. This research aims to analyze the effectiveness of using the OWASP method with its main techniques, such as the OWASP Top 10, the OWASP Testing Guide, and OWASP ZAP (Zed Attack Proxy). The research method involves a case study on a web application to identify security problems and gaps as well as misconfigurations. The test results show that the OWASP method is able to identify a wide variety of gaps and misconfigurations present on the website with an appropriate level of accuracy and to provide prevention recommendations. This security testing is an effective solution for developers to fix and improve the resilience of applications against unwanted cyber attacks.
35

Wijayanto, Danur, and Arizona Firdonsyah. "Analisis Tingkat Resiko Pada Website Xyz Menggunakan Metode Owasp." Digital Transformation Technology 4, no. 1 (2024): 644–51. http://dx.doi.org/10.47709/digitech.v4i1.4485.

Abstract:
A website is one of the platforms used to present several types of information. The XYZ website is a Company Profile website of Studi Tari. The XYZ website still uses standard web security, which is used to secure personal data. The website has been attacked with an XSS (Cross-Site Scripting) attack, but its vulnerability is still unknown. In this research, the researchers use the OWASP (Open Web Application Security Projects) method to scan the website. To determine the risk level, the researchers use likelihood and impact. The security vulnerability scan produced 11 vulnerabilities with different risk levels, namely 9 vulnerabilities in the medium category and 2 vulnerabilities in the low category. These vulnerability levels were calculated after determining the likelihood and impact levels from the scan results obtained using OWASP ZAP.
36

Riadi, Imam, Abdul Fadlil, and Muhammad Amirul Mu'min. "OWASP Framework-based Network Forensics to Analyze the SQLi Attacks on Web Servers." MATRIK : Jurnal Manajemen, Teknik Informatika dan Rekayasa Komputer 22, no. 3 (2023): 481–94. http://dx.doi.org/10.30812/matrik.v22i3.3018.

Abstract:
One of the dangerous vulnerabilities that attack the web is SQLi. With this vulnerability, someone can obtain user data information, then change and delete that data. The solution to this attack problem is that the design website must improve security by paying attention to input validation and installing a firewall. This study's objective is to use network forensic tools, namely Whois, SSL Scan, Nmap, OWASP Zap, and SQL Map, to examine the designlink website's security against SQLi attacks. OWASP is the framework that is employed; it is utilized for web security testing. According to the research findings, there are 14 vulnerabilities in the design website, with five at the medium level, seven at the low level, and two at the informational level. SQL commands were used with the SQL Map tool to get username and password information on its web server design. The OWASP framework may be used to verify the security of websites against SQLi attacks using network forensic tools, according to the study's findings, so that information about the vulnerabilities found on the website can be provided. The results of this study contribute to network forensic knowledge against SQLi attacks using the OWASP framework, as well as to parties involved in website security.
37

Albalawi, Neaimh, Norah Alamrani, Rasha Aloufi, Mariam Albalawi, Amer Aljaedi, and Adel R. Alharbi. "The Reality of Internet Infrastructure and Services Defacement: A Second Look at Characterizing Web-Based Vulnerabilities." Electronics 12, no. 12 (2023): 2664. http://dx.doi.org/10.3390/electronics12122664.

Abstract:
In recent years, the number of people using the Internet has increased worldwide, and the use of web applications in many areas of daily life, such as education, healthcare, finance, and entertainment, has also increased. On the other hand, there has been an increase in the number of web application security issues that directly compromise the confidentiality, availability, and integrity of data. One of the most widespread web problems is defacement. In this research, we focus on the vulnerabilities detected on the websites previously exploited and distorted by attackers, and we show the vulnerabilities discovered by the most popular scanning tools, such as OWASP ZAP, Burp Suite, and Nikto, depending on the risk from the highest to the lowest. First, we scan 1000 URLs of defaced websites by using three web application assessment tools (OWASP ZAP, Burp Suite, and Nikto) to detect vulnerabilities which should be taken care of and avoided when building and structuring websites. Then, we compare these tools based on their performance, scanning time, the names and number of vulnerabilities, and the severity of their impact (high, medium, low). Our results show that Burp Suite Professional has the highest number of vulnerabilities, while Nikto has the highest scanning speed. Additionally, the OWASP ZAP tool is shown to have medium- and low-level alerts, but no high-level alerts. Moreover, we detail the best and worst uses of these tools. Furthermore, we discuss the concept of Domain Name System (DNS), how it can be attacked in the most common ways, such as poisoning, DDOS, and DOS, and link it to our topic on the basis of the importance of its infrastructure and how it can be the cause of hacking and distorting sites. Moreover, we introduce the tools used for DNS monitoring. Finally, we give recommendations about the importance of security in the community and for programmers and application developers. Some of them do not have enough knowledge about security, which allows vulnerabilities to occur.
38

Afrizal Ramadhan, M. Fery, and Asri Samsiar Ilmananda. "ANALISIS ANCAMAN KEAMANAN PADA SISTEM INFORMASI AKADEMIK KAMPUS MENGGUNAKAN METODE OWASP ZAP." JATI (Jurnal Mahasiswa Teknik Informatika) 8, no. 4 (2024): 7985–91. http://dx.doi.org/10.36040/jati.v8i4.10599.

Abstract:
Internet use in Indonesia continues to increase, with the number of users reaching 221,563,479 people in 2024. This development drives progress in the field of information technology, which has become very important for students in improving time effectiveness and academic results, including at Universitas Merdeka Malang. The academic information system (SIAKAD) used at Universitas Merdeka Malang is one of the important website-based tools for managing student data and academic activities at Universitas Merdeka Malang. However, this website is also vulnerable to various cyber security threats such as SQL injection, XSS, brute force, and DDoS. This research uses OWASP ZAP, a recognized tool for web security analysis, to identify security gaps in the Academic Information System (SIAKAD) of Universitas Merdeka Malang. The test results show 17 vulnerabilities with the following distribution: 17.65% (3) High Risk Level, 17.65% (3) Medium Risk Level, 29.41% (5) Low Risk Level, and 35.29% (6) Informational Risk Level. Recommendations are given specifically for vulnerabilities in the OWASP categories A02 (Cryptographic Failures), A03 (Injection), A04 (Insecure Design), and A05 (Security Misconfiguration). It is hoped that these results can help the IT staff of Universitas Merdeka Malang improve the security and convenience of access to their academic information system website.
39

Abdillah, Muhammad Dimas, Jaka Gunawan, Rayhan Alfatih Atsil, and Aninda Muliani Harahap. "Analisis Kerentanan Website Mtss Al-Washliyah Bah Gunung Menggunakan Metode Open Web Application Security Project ZAP (OWASP ZAP)." Jurnal Sains dan Teknologi (JSIT) 3, no. 1 (2023): 61–67. http://dx.doi.org/10.47233/jsit.v3i1.487.

Abstract:
Data security on the website is very important to prevent misuse of data or information on the website. Due to the rapid progress in the field of technology and information, there are many people called hackers who misuse it for negative things, such as stealing data. In this study, the authors are interested in learning more about the security of the MTSs Al-Washliyah Bah Gunung website. This test utilizes the OWASP ZAP application version 2.12.0.0 in conducting the analysis. The purpose of this research is to test the vulnerabilities on the MTSs Al-Washliyah Bah Gunung website. This research has 3 stages, namely data collection, website identification, and website security testing. The results of this analysis conclude that the website has a medium to high vulnerability.
40

Abdullah, Himli S. "Evaluation of Open Source Web Application Vulnerability Scanners." Academic Journal of Nawroz University 9, no. 1 (2020): 47. http://dx.doi.org/10.25007/ajnu.v9n1a532.

Abstract:
Nowadays, web applications are an essential part of our lives. Web applications are used by people for information gathering, communication, e-commerce and a variety of other activities. Since they contain valuable and sensitive information, the attacks against them have increased in order to find vulnerabilities and steal information. For this reason, it is essential to check web application vulnerabilities to ensure that they are secure. However, checking the vulnerabilities manually is a tedious and time-consuming job. Therefore, there is an exigent need for web application vulnerability scanners. In this study, we evaluate two open source web application vulnerability scanners, Paros and OWASP Zed Attack Proxy (OWASP ZAP), by testing them against two vulnerable web applications, buggy web application (bWAPP) and Damn Vulnerable Web Application (DVWA).
41

Adinugroho, N. Bagas, Purwono Hendradi, and D. Sasongko. "ANALISIS KEAMANAN E-LEARNING MENGGUNAKAN OPEN WEB APPLICATION SECURITY PROJECT (OWASP) (STUDI KASUS MOCA UNIMMA)." Jurnal Informatika 22, no. 2 (2022): 132–38. http://dx.doi.org/10.30873/ji.v22i2.3327.

Abstract:
Like other higher education institutions, the e-learning system of Universitas Muhammadiyah Magelang (UNIMMA), known as My Online Class (MOCA) and based on the Moodle Learning Management System (LMS), became a learning tool during the pandemic and continues to be used today. As a result, the MOCA system stores important data from learning activities, so the next challenge is data security. For this reason, this research carries out a security analysis that aims to provide an overview and recommendations for its development. The security analysis uses the Open Web Application Security Project (OWASP) method and the tools Red Hawk and OWASP Zap. The results provide information on 13 vulnerabilities in MOCA, 2 of which are at the high level, namely Cross Site Scripting and SQL Injection vulnerabilities. For this reason, this research also presents recommendations for those 2 vulnerabilities.
42

Saputra, Dio Wahyu, Risqy Siwi Pradini, and Mochammad Anshori. "Analisis dan Rekomendasi Keamanan Website Kampus X Menggunakan ISSAF." Jurnal Indonesia : Manajemen Informatika dan Komunikasi 6, no. 1 (2025): 830–43. https://doi.org/10.35870/jimik.v6i1.1306.

Abstract:
The security of educational institution websites is critical in the digital era, especially with the increasing reliance on web-based services. This study evaluates the security of the Campus X website in Malang City using ISSAF (Information Systems Security Assessment Framework). The research stages include information gathering, network mapping, vulnerability identification, and penetration testing. At the vulnerability identification stage, tools such as OWASP ZAP and Acunetix detect security holes in web applications. The results show that the server has implemented the TLS protocol with basic security configuration. Still, several vulnerabilities exist, such as unnecessary open ports and deficiencies in the security header settings. Scanning using OWASP ZAP identified 24 security alerts, 12.5% of which were categorized as high risk, including SQL Injection and a lack of Content Security Policy (CSP). Additionally, DDoS attack simulations demonstrated server resilience, but testing showed the need for security improvements in other aspects. Key recommendations include implementing DNSSEC, closing unused ports, adding CSP headers, and improving protection against web application-based attacks. This research emphasizes the importance of a holistic and ongoing approach to website security management, including regular audits and real-time monitoring. With this strategy, institutions hope to strengthen their security posture, protect digital assets, and minimize the risk of ever-growing cyber attacks.
43

Putra, Bagus Setya, and Dwi Budi Santoso. "Analisis Keamanan Website Berbasis WordPress melalui Penetration Testing untuk Meningkatkan Keamanan Digital." Jurnal JTIK (Jurnal Teknologi Informasi dan Komunikasi) 9, no. 3 (2025): 981–90. https://doi.org/10.35870/jtik.v9i3.3692.
Abstract:
The development of information technology has made the security and integrity of digital information exchange on websites extremely important. Many websites use Content Management Systems (CMS) such as WordPress. This research conducts penetration testing on the WordPress-based website teknoblog.top using the Penetration Testing Execution Standard (PTES) method and provides recommendations for fixing the vulnerabilities found. Analysis of teknoblog.top with the WPScan tool produced 6 informational findings, which do not indicate vulnerabilities. OWASP ZAP, meanwhile, reported a total of 3 medium-level alerts, 5 low-level alerts, and 6 informational alerts. The vulnerability successfully exploited in this research was the Missing Anti-Clickjacking Header, with medium severity. This finding was confirmed using the BurpSuite scanner. The vulnerability was caused by the website not properly configuring its security headers. To verify the accuracy of the Missing Anti-Clickjacking Header finding from the OWASP ZAP scan, it was exploited manually using a simple HTML page and through the clickjacker.io website. Addressing this issue is important to prevent the site's pages from being loaded in iframes on other websites. The recommended fix is to add the X-Frame-Options header to protect the website from clickjacking attacks.
44

Fathoni, Fathoni, Adzka Fahmi Aulia Hakim, Rifko Akbar, Muhammad Alfarizi Ramadiansyah, and Moh Rizky Sinaga. "ANALISIS KERENTANAN KEAMANAN WEBSITE SISTEM MANAJEMEN ABSENSI KARYAWAN GO DESIGN MENGGUNAKAN METODE OWASP." JATI (Jurnal Mahasiswa Teknik Informatika) 9, no. 4 (2025): 6676–83. https://doi.org/10.36040/jati.v9i4.14151.
Abstract:
The GO!Design Employee Attendance Management System, built with the PHP Laravel framework, is designed to simplify the management of employee attendance and administration by the company. However, as threats to web application security grow, there is a need to evaluate its potential vulnerabilities. The aim of this analysis is to identify and assess vulnerabilities in the system in order to improve its security. The method combines the OWASP Risk Rating Methodology with the OWASP ZAP tool to collect risk data, assess the likelihood of exploitation, and evaluate the impact of each vulnerability found. Testing revealed 11 security flaws, including problems with Access Control, SQL Injection, and Cross-Site Scripting (XSS), with severity ranging from low to high. Based on these findings, the recommendations are to improve access control, encrypt sensitive data, and apply security headers to strengthen the application's protection against the threats identified.
45

Bernal Ontiveros, Juan Manuel, Noé Ramón Rosales Morales, Marisela Palacios Reyes, Claudia Anglés Barrios, and Susan Alexandra Cervantes Cardenas. "Metodología OWASP: Un Enfoque para la Prevención y Resolución de Vulnerabilidades." Ciencia Latina Revista Científica Multidisciplinar 9, no. 2 (2025): 1558–76. https://doi.org/10.37811/cl_rcm.v9i2.16991.
Abstract:
This study proposes the use and implementation of the OWASP (Open Web Application Security Project) methodology in organizations and companies. OWASP emerged as a global non-profit initiative focused on the need to solve security problems in the face of infiltration attacks on web applications by malicious hackers. It was created with the vision of offering accessible, free resources to help developers and companies build more secure software. OWASP has evolved through the contributions of an international community of cybersecurity specialists, who have developed methodologies, tools, and practical guides. One of its most influential projects is the OWASP Top 10, a list that identifies the most critical vulnerabilities in web applications and has become a reference standard for companies and for governmental, educational, and private institutions. Today OWASP is an open, collaborative organization with chapters in different countries, offering a wide range of resources such as OWASP ZAP, ASVS, and various Cheat Sheets (quick-reference guides containing good practices), designed to strengthen security in software development. The OWASP methodology provides effective solutions to the security problems organizations face, through the identification and resolution of vulnerabilities; it also allows companies to address critical threats such as SQL injection, unauthorized access, and misconfigurations, which recur in software development. By adopting the OWASP methodology, organizations can evaluate their applications in a structured way, following guidelines and good practices that reinforce security from the earliest phases of the development cycle. This fosters a preventive approach that not only reduces current risks but also helps avoid future vulnerabilities.
46

Sebrina, Aida Fitriya, Achmad Junaidi, and Andreas Nugroho Sihananto. "Testing posketanmu website with google penetration testing and OWASP Top 10." Jurnal Mantik 8, no. 1 (2024): 636–45. http://dx.doi.org/10.35335/mantik.v8i1.5204.
Abstract:
Data integrity has become vital in the quickly evolving digital era, pushing cybersecurity to a critical concern. Securing systems such as the Posketanmu website in Mojokerto Regency is crucial, as it is responsible for safeguarding sensitive personal information. The objective of this research is to detect, evaluate, and exploit any security weaknesses present on the Posketanmu website. The methodology combines the Google Penetration Testing strategy with the latest OWASP Top 10 2021 criteria. The penetration testing procedure comprises five distinct steps. First, data is collected and the platform is profiled using programs such as Nmap, Nslookup, Wappalyzer, Whatweb, Whois, and Google Hacking. Second, ZAP is used to perform vulnerability scanning, producing thorough reports. Third, a vulnerability assessment is carried out, involving manual testing and classification according to OWASP standards. Fourth, all eleven identified vulnerabilities are exploited. Finally, the identified issues are documented and reported and solutions are suggested, in line with the OWASP Top 10 2021 standards. This investigation found and resolved four significant security vulnerabilities on the Posketanmu website: stored XSS, unset CSP header, unset Strict-Transport-Security header, and open redirect. The implementation of Google Penetration Testing and adherence to the OWASP Top 10 2021 criteria have greatly improved the security of the Posketanmu website, ensuring the protection of Mojokerto Regency citizens' data.
47

Mochammad Fadilah and Nur Nawaningtyas. "Deteksi Kerentanan Keamanan Dan Mitigasi Situs Web Crowdo.Co.Id Berbasis OWASP Zed Attack Proxy (ZAP )." Merkurius : Jurnal Riset Sistem Informasi dan Teknik Informatika 3, no. 1 (2024): 66–76. https://doi.org/10.61132/merkurius.v3i1.585.
Abstract:
This study aims to analyze security vulnerabilities and mitigation on the crowdo.co.id website using the OWASP Zed Attack Proxy (ZAP) tool, which is a web application security testing tool. High-level security attacks have increasingly risen alongside the advancement of information technology, making vulnerability testing crucial to ensure the integrity and security of information systems. This research involved scanning the crowdo.co.id website to identify various vulnerabilities, including those listed in the OWASP Top 10. The research process encompassed active and passive scanning, data analysis from the scans, and the formulation of mitigation strategies for each identified vulnerability. The findings revealed that the website had 14 detected vulnerabilities, consisting of 1 high-priority vulnerability, 3 medium-priority vulnerabilities, 7 low-priority vulnerabilities, and 3 additional informational alerts. The security dimensions tested included potential XSS attacks, SQL Injection, and other deficiencies that could jeopardize user data. Based on these results, recommended mitigations include code improvements, enhanced security configurations, and the implementation of additional preventive measures. This study concludes that while the website’s security is in the medium category, further improvements are necessary to reduce vulnerability risks. Through this approach, the study provides significant contributions to enhancing web application security.
48

Priambodo, Dimas Febriyan, Asep Dadan Rifansyah, and Muhammad Hasbi. "Penetration Testing Web XYZ Berdasarkan OWASP Risk Rating." Teknika 12, no. 1 (2023): 33–46. http://dx.doi.org/10.34148/teknika.v12i1.571.
Abstract:
The "XYZ" website is an application that provides civil registration document services, access registration services, and a login feature. Periodic vulnerability assessment is required to guarantee the reliability of the application. Vulnerability assessment using testing tools alone is no longer considered sufficient and requires validation; one such validation is penetration testing. Penetration testing of the XYZ website of XYZ Regency was carried out with reference to the Open Web Application Security Project (OWASP) Top 10-2021. It was conducted using the black box method to obtain a measurement of the application's vulnerability level. The overall vulnerability assessment was carried out in four stages: planning, information gathering, vulnerability scanning using 2 automated tools, Vega and OWASP ZAP, to obtain broader coverage of the vulnerabilities found, followed by validation, and then analysis and reporting. The vulnerability scanning stage produced 9 types of vulnerabilities, distributed as 2 high, 1 medium, and 6 low. Penetration testing for validation referred to the Web Security Testing Guide (WSTG) version 4.2. The final output, a set of recommendations, can be used as a reference by web application developers in handling vulnerabilities, especially loss of service availability and data leakage.
49

Ade Gustiyonoo, Erick Irawadi Alwi, and Syahrul Mubarak Abdullah. "Analisa Kerentanan Website Terhadap Serangan Cross-Site Scripting (XSS) Metode Penetration Testing." Cyber Security dan Forensik Digital 7, no. 1 (2024): 25–33. http://dx.doi.org/10.14421/csecurity.2024.7.1.4432.
Abstract:
Cross-site scripting (XSS) attacks are a dangerous form of web attack. They can be used to steal user data, perform phishing, or run malicious scripts in the user's browser. This study aims to analyze and identify XSS vulnerabilities on a website using the Penetration Testing method and to provide recommendations to PT. Tricon Metalindo Perkasa based on the results of the pentest carried out. The method used is penetration testing with the OWASP Zap and Hackbar tools.
The research findings revealed several alerts, including Vulnerable JS Library, X-Frame-Options Header Not Set, Absence of Anti-CSRF Tokens, Cross-Domain JavaScript Source File Inclusion, Incomplete or No Cache-Control and Pragma HTTP Header Set, and Missing X-Content-Type-Options Header. There were 2 findings categorized as medium risk, 4 findings as low risk, and 6 findings with medium confidence level. These findings indicate the presence of XSS vulnerabilities on the PT. Tricon Metalindo Perkasa website, specifically reflected XSS located in the search input field, with a medium risk level. This vulnerability could be exploited by attackers to display pop-ups, carry out phishing attempts, or steal user data.
Keywords: cross-site scripting (XSS), reflected XSS, OWASP Zap, Penetration
50

Zahra, Nabila Athifah, Farras Hafish Zidane, and Nur Racana Kuslaila. "ANALISIS KEAMANAN SISTEM INFORMASI PADA WEBSITE PT SENTRA VIDYA UTAMA (SEVIMA) MENGGUNAKAN METODE OWASP." Prosiding Seminar Nasional Teknologi dan Sistem Informasi 3, no. 1 (2023): 384–93. http://dx.doi.org/10.33005/sitasi.v3i1.564.
Abstract:
Information system security is a primary concern when developing an application because it plays a crucial role in a company's business processes. PT Sentra Vidya Utama, a software house operating in the education sector, has several website products supporting its business processes, one of which is the maukuliah.id platform. This website makes it easy for SEVIMA's partner campuses to promote themselves and for prospective students to find the campus or study program they want. Several features, such as search, forms, and contact, could open security vulnerabilities on the website, and those vulnerabilities could potentially disrupt the company's business processes. This study therefore performs black-box security testing of the website using the Open Web Application Security Project (OWASP) methodology. The results obtained from testing with the OWASP ZAP software show that the vulnerability level of the maukuliah.id website ranges from medium to low, with an overall score of 5.75 (medium). For prevention, website security measures such as CSP, XSS protection, and others need to be put in place.