This study aims to identify and analyze security vulnerabilities in faculty web applications using Zed Attack Proxy (ZAP), an automated scanning tool developed by OWASP and now maintained by Checkmarx. Using a descriptive quantitative approach, a scan was conducted on the public domain cdnjs.cloudflare.com, whose technical structure is similar to that of the faculty web system. The scan found four vulnerabilities: use of a vulnerable JavaScript library (moment.js) (high risk), an insecure Cross-Origin Resource Sharing (CORS) configuration (medium risk), suspicious comments in the code (informational risk), and inappropriate cache settings (informational risk). These findings are analyzed against the OWASP Top 10 categories and complemented by mitigation recommendations for each risk. In addition, a visualization of the distribution of alerts by risk level and confidence level is presented. The results emphasize the importance of routine scanning and manual validation in maintaining the security of higher education institution web applications.
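The distribution of alerts by risk and confidence that the abstract describes is straightforward to reproduce from a ZAP JSON report. The script below is an added example, not part of the study, and it assumes the general layout of ZAP's JSON export (a top-level `site` list whose entries carry an `alerts` list with `riskcode` and `confidence` as numeric strings, on ZAP's 0-3 risk and 0-4 confidence scales). The report it parses is a constructed sample that mirrors the four findings above, not the scan output from the paper. It also flags low-confidence alerts as candidates for the manual validation the authors recommend.

```python
"""Tally a ZAP JSON report by risk and confidence and flag alerts for manual review.

Added example: the report layout (site -> alerts -> riskcode/confidence) is an
assumption about ZAP's JSON export, and SAMPLE_REPORT is constructed data.
"""
import json
from collections import Counter

# ZAP numeric codes as they appear in its reports (assumed mapping).
RISK = {"0": "Informational", "1": "Low", "2": "Medium", "3": "High"}
CONFIDENCE = {"0": "False Positive", "1": "Low", "2": "Medium",
              "3": "High", "4": "User Confirmed"}

# Constructed sample report mirroring the four findings in the abstract.
SAMPLE_REPORT = json.dumps({
    "@version": "example",
    "site": [{
        "@name": "https://example.invalid",
        "alerts": [
            {"alert": "Vulnerable JS Library (moment.js)",
             "riskcode": "3", "confidence": "2", "count": "1"},
            {"alert": "Cross-Domain Misconfiguration (CORS)",
             "riskcode": "2", "confidence": "2", "count": "4"},
            {"alert": "Information Disclosure - Suspicious Comments",
             "riskcode": "0", "confidence": "1", "count": "7"},
            {"alert": "Re-examine Cache-control Directives",
             "riskcode": "0", "confidence": "1", "count": "12"},
        ],
    }],
})


def load_alerts(report_text):
    """Parse a ZAP-style JSON report into a flat list of alert dicts."""
    data = json.loads(report_text)
    alerts = []
    for site in data.get("site", []):
        for a in site.get("alerts", []):
            alerts.append({
                "site": site.get("@name", ""),
                "name": a.get("alert", "<unnamed>"),
                "risk": RISK.get(str(a.get("riskcode")), "Unknown"),
                "confidence": CONFIDENCE.get(str(a.get("confidence")), "Unknown"),
                "instances": int(a.get("count", 1)),
            })
    return alerts


def distribution(alerts):
    """Count distinct alert types by risk, and by (risk, confidence) cell."""
    by_risk = Counter(a["risk"] for a in alerts)
    by_cell = Counter((a["risk"], a["confidence"]) for a in alerts)
    return by_risk, by_cell


def needs_manual_validation(alert):
    """Low-confidence or unmapped alerts are the ones most likely to be
    false positives, so they are queued for a human check before reporting."""
    return alert["confidence"] in ("False Positive", "Low", "Unknown")


def render_matrix(by_cell):
    """Plain-text risk x confidence matrix for a report appendix."""
    risks = ["High", "Medium", "Low", "Informational"]
    confs = ["High", "Medium", "Low", "False Positive"]
    lines = ["risk/confidence  " + "  ".join(f"{c:>14}" for c in confs)]
    for r in risks:
        cells = "  ".join(f"{by_cell.get((r, c), 0):>14}" for c in confs)
        lines.append(f"{r:<15}  {cells}")
    return "\n".join(lines)


if __name__ == "__main__":
    found = load_alerts(SAMPLE_REPORT)
    by_risk, by_cell = distribution(found)
    print("Alert types by risk:", dict(by_risk))
    print(render_matrix(by_cell))
    for a in found:
        if needs_manual_validation(a):
            print(f"Manual validation needed: {a['name']} "
                  f"({a['risk']}, confidence {a['confidence']}, {a['instances']} instances)")
```

Counting distinct alert types rather than instances keeps the matrix comparable across sites of different size; use the `instances` field instead when the question is remediation effort rather than exposure breadth.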
Copyright © 2025