Academic websites serve as central platforms for managing higher education services, including academic records, financial data, and institutional communication. Because they are exposed to the internet and often lack basic hardening, such systems are increasingly targeted by attackers. This study proposes an integrated solution that combines automated scanning with OWASP ZAP and a locally hosted language model (Mistral) served through the Ollama platform. The entire process is automated with a Python script covering spidering, active scanning, extraction of the scan results as JSON, and generation of AI-based mitigation recommendations. The research was conducted on the Global Academic Information System website. The scan reported a total of 193 alerts, classified by ZAP's own risk levels as 4 high, 8 medium, 111 low, and 70 informational. Each alert was analyzed by the local model to produce specific technical recommendations, such as adding security headers, implementing CSRF tokens, and setting secure cookie attributes. All outputs were automatically compiled into a structured Excel report intended for developers. The approach proved effective in streamlining the security audit process, reducing manual workload, and preserving data privacy, since every step runs locally without relying on cloud services. The study demonstrates that integrating OWASP tooling with a local AI model provides a practical, adaptive, and standalone solution for web application security testing.
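The pipeline the abstract describes, written out as an added example (this is not the paper's own script). It drives ZAP through its REST JSON API and Ollama through its HTTP API using only the Python standard library, so no client packages are required. Assumptions: ZAP runs as a daemon on localhost:8080 with the API key in `ZAP_API_KEY`, Ollama listens on localhost:11434 with the `mistral` model pulled, the target URL is a placeholder, and `SAMPLE_ALERTS` is constructed data in ZAP's alert JSON shape used only to exercise the offline parts. The report is written as CSV rather than Excel to avoid a third-party dependency; swapping in openpyxl is a one-function change. Findings are de-duplicated by alert name and risk before querying the model, since ZAP reports the same header or cookie issue once per URL and the remediation is identical across instances.

```python
"""Added example: OWASP ZAP scan -> alert JSON -> local Ollama recommendations -> CSV report."""
import csv
import json
import time
import urllib.parse
import urllib.request

ZAP = "http://localhost:8080"          # assumed ZAP daemon address
ZAP_API_KEY = "changeme"               # assumed; use the key configured in ZAP
OLLAMA = "http://localhost:11434"      # Ollama's default listen address
RISK_ORDER = ("High", "Medium", "Low", "Informational")   # ZAP's risk labels


def zap_get(component, kind, name, **params):
    """Call ZAP's JSON API: /JSON/<component>/<action|view>/<name>/?...&apikey=..."""
    params["apikey"] = ZAP_API_KEY
    url = f"{ZAP}/JSON/{component}/{kind}/{name}/?{urllib.parse.urlencode(params)}"
    with urllib.request.urlopen(url, timeout=30) as resp:
        return json.load(resp)


def wait_for(component, scan_id):
    """Poll spider/ascan status until ZAP reports 100 %."""
    while int(zap_get(component, "view", "status", scanId=scan_id)["status"]) < 100:
        time.sleep(2)


def scan_target(target):
    """Spider, then actively scan, then pull every alert ZAP raised for the target."""
    wait_for("spider", zap_get("spider", "action", "scan", url=target)["scan"])
    wait_for("ascan", zap_get("ascan", "action", "scan", url=target)["scan"])
    return zap_get("core", "view", "alerts", baseurl=target)["alerts"]


def summarize(alerts):
    """Count alerts per ZAP risk level, plus a total."""
    counts = {r: 0 for r in RISK_ORDER}
    for a in alerts:
        counts[a["risk"]] = counts.get(a["risk"], 0) + 1
    counts["Total"] = len(alerts)
    return counts


def dedupe(alerts):
    """Keep one representative per (alert name, risk): the fix is the same for every URL."""
    seen = {}
    for a in alerts:
        seen.setdefault((a["alert"], a["risk"]), a)
    return list(seen.values())


def build_prompt(alert):
    """Prompt for the local model built from ZAP's own finding fields."""
    return (
        "You are a web application security engineer. Give a concise, specific "
        "remediation for this OWASP ZAP finding, including the exact header, "
        "cookie attribute, or code change required.\n"
        f"Alert: {alert['alert']}\nRisk: {alert['risk']}\nURL: {alert['url']}\n"
        f"Parameter: {alert.get('param', '')}\nEvidence: {alert.get('evidence', '')}\n"
        f"ZAP solution hint: {alert.get('solution', '')}\n"
    )


def ask_ollama(prompt, model="mistral"):
    """Non-streaming call to Ollama's /api/generate; nothing leaves localhost."""
    body = json.dumps({"model": model, "prompt": prompt, "stream": False}).encode()
    req = urllib.request.Request(f"{OLLAMA}/api/generate", data=body,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=600) as resp:
        return json.load(resp)["response"].strip()


def run(target, out_path="zap_ai_report.csv"):
    """Full pipeline; returns the risk summary and writes the developer report."""
    alerts = scan_target(target)
    rows = [(a["risk"], a["alert"], a["url"], ask_ollama(build_prompt(a)))
            for a in dedupe(alerts)]
    rows.sort(key=lambda r: RISK_ORDER.index(r[0]) if r[0] in RISK_ORDER else 99)
    with open(out_path, "w", newline="", encoding="utf-8") as fh:
        w = csv.writer(fh)
        w.writerow(["Risk", "Alert", "Example URL", "AI recommendation"])
        w.writerows(rows)
    return summarize(alerts)


# Constructed sample in ZAP's alert JSON shape (not real scan output) for offline testing.
SAMPLE_ALERTS = [
    {"alert": "Missing Anti-clickjacking Header", "risk": "Medium",
     "url": "http://localhost:3000/", "param": "x-frame-options", "evidence": "",
     "solution": "Set X-Frame-Options or a CSP frame-ancestors directive."},
    {"alert": "Absence of Anti-CSRF Tokens", "risk": "Medium",
     "url": "http://localhost:3000/profile", "param": "", "evidence": "<form action=\"/profile\"",
     "solution": "Include an unpredictable per-session token in state-changing forms."},
    {"alert": "Cookie without SameSite Attribute", "risk": "Low",
     "url": "http://localhost:3000/login", "param": "session", "evidence": "Set-Cookie: session",
     "solution": "Set the SameSite attribute on the session cookie."},
    {"alert": "Cookie without SameSite Attribute", "risk": "Low",
     "url": "http://localhost:3000/profile", "param": "session", "evidence": "Set-Cookie: session",
     "solution": "Set the SameSite attribute on the session cookie."},
    {"alert": "Information Disclosure - Suspicious Comments", "risk": "Informational",
     "url": "http://localhost:3000/app.js", "param": "", "evidence": "TODO",
     "solution": "Remove comments that reveal implementation details."},
]

if __name__ == "__main__":
    # Placeholder target; only scan hosts you are authorized to test.
    print(run("http://localhost:3000"))
```

Two caveats a reader should carry into the paper's numbers: ZAP's risk level is the scanner's classification and says nothing about exploitability or false positives, so the 193 alerts need triage before they become 193 issues; and the model's recommendation is only as good as the fields in the prompt, so the ZAP `solution` text is passed through as a reference the model must be consistent with rather than replaced.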
Copyrights © 2025