Security Vulnerability Detection and Mitigation of the Crowdo.Co.Id Website Based on OWASP Zed Attack Proxy (ZAP)

Authors

  • Mochammad Fadilah, STMIK Widuri
  • Nur Nawaningtyas, STMIK Widuri

DOI:

https://doi.org/10.61132/merkurius.v3i1.585

Keywords:

Vulnerability, Security, OWASP, ZAP

Abstract

This study analyzes the security vulnerabilities of the crowdo.co.id website and their mitigation using OWASP Zed Attack Proxy (ZAP), a web application security testing tool. High-level security attacks have risen alongside the advancement of information technology, making vulnerability testing crucial to ensuring the integrity and security of information systems. The research scanned the crowdo.co.id website to identify vulnerabilities, including those listed in the OWASP Top 10. The process comprised active and passive scanning, analysis of the scan data, and the formulation of a mitigation strategy for each identified vulnerability. The scans detected 14 vulnerabilities on the website: 1 high-priority, 3 medium-priority, and 7 low-priority vulnerabilities, plus 3 informational alerts. The security dimensions tested included potential XSS attacks, SQL Injection, and other deficiencies that could jeopardize user data. Based on these results, the recommended mitigations include code improvements, enhanced security configurations, and the implementation of additional preventive measures. The study concludes that the website's security is in the medium category and that further improvements are necessary to reduce vulnerability risks. Through this approach, the study contributes to enhancing web application security.

Published

2024-12-24

How to Cite

Mochammad Fadilah, & Nur Nawaningtyas. (2024). Deteksi Kerentanan Keamanan Dan Mitigasi Situs Web Crowdo.Co.Id Berbasis OWASP Zed Attack Proxy (ZAP ). Merkurius : Jurnal Riset Sistem Informasi Dan Teknik Informatika, 3(1), 66–76. https://doi.org/10.61132/merkurius.v3i1.585
