Web Security Vulnerability Analysis and Mitigation Based on OWASP TOP 10
DOI:
https://doi.org/10.59934/jaiea.v4i3.1029
Keywords:
Information Security, Website, OWASP TOP 10, Penetration Testing
Abstract
Information security is one of the main pillars in meeting the challenges of the current era of technological development, especially for websites used by XYZ institutions. This study tests system security using penetration testing techniques, evaluating it against the latest standard, the OWASP TOP 10. The method consists of scope, information gathering, vulnerability analysis, exploit, report, and remediation. Testing is carried out on the vulnerabilities identified during vulnerability analysis, according to the list of 10 vulnerability types in the OWASP Top 10 2021. The results show that the system still has several security gaps: security misconfiguration, vulnerable and outdated components, and identification and authentication failures. With appropriate improvements, the system can be more secure against cyberattacks and maintain the confidentiality of mustahik data (zakat distributors). This research is expected to serve as a reference for system developers in improving the security of web-based applications, especially in the context of data protection.
License
Copyright (c) 2025 Journal of Artificial Intelligence and Engineering Applications (JAIEA)

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.