Web Vulnerability Analysis Using ZAP by Checkmarx on the FIKSI (Faculty of Computer Science and Information Systems) Website of Universitas Kebangsaan Republik Indonesia
Authors: M. Abie Rafdi Fauzy; Restu Rahmat Fajri; Rian Hidayat; Salsabila Rosnie; Thomas Aldi Fikri; Subhanjaya Angga Atmaja
Journal on Pustaka Cendekia Informatika Vol. 3 No. 1 (2025): Journal on Pustaka Cendekia Informatika: Volume 3 Nomor 1 February - May 2025
Publisher : PT Pustaka Cendekia Group

DOI: 10.70292/pctif.v3i1.68

Abstract

This study aims to identify and analyze security vulnerabilities in faculty web applications using the Zed Attack Proxy (ZAP), an automated tool developed by OWASP and now managed by Checkmarx. Using a descriptive quantitative approach, a scan was conducted on the public domain cdnjs.cloudflare.com, which has a technical structure similar to the faculty web system. The scan found four vulnerabilities: use of a vulnerable JavaScript library (moment.js) (high risk), insecure Cross-Origin Resource Sharing (CORS) configuration (medium risk), suspicious comments in the code (informational risk), and inappropriate cache settings (informational risk). These findings are analyzed based on the OWASP Top 10 categories and are complemented by mitigation recommendations for each risk. In addition, a visualization of the distribution of alerts by risk level and confidence is presented. The results of this study emphasize the importance of routine scanning and manual validation in maintaining the security of higher education institution web applications.