Identifying Website Security Vulnerabilities Using the OWASP ZAP Penetration Testing Method (Identifikasi Celah Kerentanan Keamanan Pada Website Dengan Metode Pengujian Penetrasi OWASP ZAP)

Authors

  • Devani Laras Sati, Universitas Amikom Purwokerto
  • Devina Laras Sita, Universitas Amikom Purwokerto
  • Khairunnisak Nur Isnaini, Universitas AMIKOM Purwokerto

DOI:

https://doi.org/10.31598/jurnalresistor.v7i3.1459

Keywords:

security vulnerabilities, vulnerability, information security, OWASP ZAP, security

Abstract

Resepedia is a website that presents a variety of food recipes and culinary articles. Resepedia also stores user data, including sensitive information such as names, emails, and passwords. Holding this information carries a security risk: a leak of user data could lead to misuse of that data or information. This study therefore uses OWASP Zed Attack Proxy (OWASP ZAP) to identify security holes and evaluate potential risks on the Resepedia website. The results identified 16 types of potential threats: 3 categories at the Medium threat level, 6 categories at the Low threat level, and 7 categories that are Informative. The level of information security on the Resepedia website is therefore considered to be at the Medium level. Based on the results obtained, this research shows that OWASP ZAP can be used to identify information security vulnerabilities. It is expected to provide an in-depth understanding and a comprehensive security risk analysis, and to serve as a foundation for further research on website security analysis.

Published

2024-12-31

How to Cite

Sati, D. L., Sita, D. L., & Isnaini, K. N. (2024). Identifikasi Celah Kerentanan Keamanan Pada Website Dengan Metode Pengujian Penetrasi OWASP ZAP. Jurnal RESISTOR (Rekayasa Sistem Komputer), 7(3), 153–161. https://doi.org/10.31598/jurnalresistor.v7i3.1459