Analysis of Information System Security Using OWASP ZAP on a Web-Based Electronic Archiving System
DOI: https://doi.org/10.31315/telematika.v22i3.14241
Keywords: Website Security, OWASP ZAP, Vulnerabilities, Penetration Testing
Abstract
Purpose: Web-based information systems have become an essential means of making information accessible and usable. That convenience, however, brings serious threats to the security of data in web systems. These threats can arise from vulnerabilities in the web system, which irresponsible parties can exploit to carry out cyberattacks aimed at stealing, damaging, or altering the available information. This research is therefore conducted as a preventive measure against these threats, analyzing security vulnerabilities on websites through penetration testing, one approach to which uses the Open Web Application Security Project (OWASP).
Design/methodology/approach: Security analysis of information systems using OWASP ZAP with a penetration testing method.
Findings/result: The testing and analysis conducted on the target website of the web-based electronic archiving system, http://silancarbedas.bandungkab.go.id/, revealed 13 security vulnerabilities categorized under several OWASP ZAP 10:2021 frameworks. Based on these findings, several recommendations are provided to address the website's vulnerabilities, which the website developers can use to enhance the site's security.
Originality/value/state of the art: Vulnerability testing on the web-based electronic archiving information system at http://silancarbedas.bandungkab.go.id/ has not been conducted previously.
License
Copyright (c) 2025 Telematika : Jurnal Informatika dan Teknologi Informasi

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.




