Web Vulnerability Analysis Using ZAP by Checkmarx on the Online Lecture LMS Site of Universitas Kebangsaan Republik Indonesia: A Study. Authors: Mughni Al Muzaki; Reksi Zender Perdian; Rohman Fajar; Saripah; Syifa Khofifah; Subhanjaya Angga Atmaja
Journal on Pustaka Cendekia Informatika Vol. 3 No. 1 (2025): Journal on Pustaka Cendekia Informatika: Volume 3 Number 1, February - May 2025
Publisher : PT Pustaka Cendekia Group

DOI: 10.70292/pctif.v3i1.63

Abstract

This study performs a security analysis of an online lecture site using the ZAP (Zed Attack Proxy) tool version 2.16.1, developed by OWASP and distributed by Checkmarx. The method is black-box testing with an active scanning approach to identify security vulnerabilities that may exist in the application. The scan covered all main pages and site resources, examining aspects such as HTTP headers, session management, JavaScript library usage, and other security configurations. The scan reported 14 potential vulnerabilities classified into four risk levels: high (1 finding), medium (4 findings), low (6 findings), and informational (3 findings). The most significant findings were the use of a vulnerable (outdated) JavaScript library, the absence of a Content Security Policy (CSP), and deficiencies in the implementation of important HTTP headers such as X-Frame-Options, Strict-Transport-Security, and X-Content-Type-Options. In addition, weaknesses in cookie attributes and the inclusion of external JavaScript files without adequate source control were found. Based on these results, a series of recommendations aligned with OWASP standards was developed, including updating software libraries, reconfiguring security headers, strengthening session management, and implementing more secure cache policies.