Detection of Security Vulnerabilities and Mitigation of the Crowdo.Co.Id Website Based on OWASP Zed Attack Proxy (ZAP)
DOI: https://doi.org/10.61132/merkurius.v3i1.585
Keywords: Vulnerability, Security, OWASP, ZAP
Abstract
This study analyzes security vulnerabilities and their mitigation on the crowdo.co.id website using OWASP Zed Attack Proxy (ZAP), a web application security testing tool. High-level security attacks have increased alongside advances in information technology, making vulnerability testing crucial to ensuring the integrity and security of information systems. The research involved scanning the crowdo.co.id website to identify various vulnerabilities, including those listed in the OWASP Top 10. The research process encompassed active and passive scanning, analysis of the scan data, and the formulation of mitigation strategies for each identified vulnerability. The scans detected 14 vulnerabilities on the website: 1 high-priority vulnerability, 3 medium-priority vulnerabilities, 7 low-priority vulnerabilities, and 3 additional informational alerts. The security dimensions tested included potential XSS attacks, SQL Injection, and other deficiencies that could jeopardize user data. Based on these results, the recommended mitigations include code improvements, enhanced security configurations, and the implementation of additional preventive measures. The study concludes that while the website’s security is in the medium category, further improvements are necessary to reduce vulnerability risks. Through this approach, the study contributes to enhancing web application security.
License
Copyright (c) 2024 Merkurius : Jurnal Riset Sistem Informasi dan Teknik Informatika
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.