In the context of educational digitalization, data security becomes a critical factor, particularly for protecting sensitive information such as financial transactions and user data. An in-depth evaluation of the application's security is therefore essential. This study assesses the system's security level through penetration testing guided by the OWASP Top 10. Testing was carried out with OWASP Zed Attack Proxy (ZAP) version 2.16.1 using a black-box approach, in which the tester has no access to the source code or internal documentation. ZAP reported several medium-level findings, all of them response-header misconfigurations that its passive scanner detects without sending any attack payloads: Cookie Without Secure Flag, Content Security Policy (CSP) Header Not Set, and Missing Anti-clickjacking Header. The study provides mitigation recommendations to raise the application's security level: reconfiguring the security headers, setting the Secure and HttpOnly flags on cookies, applying a Content Security Policy (CSP), and adding anti-clickjacking protection (an X-Frame-Options header or a CSP frame-ancestors directive), followed by a re-scan to confirm the alerts no longer appear.
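The three findings above are all visible in a single HTTP response, so they can be checked and fixed without ZAP in the loop. The following added example, which is not part of the paper or of ZAP's own code, reimplements the three passive checks over a constructed response header set, applies the mitigations the abstract recommends, and re-audits the result. The sample headers, the cookie names, and the CSP value are assumptions; a real policy must be tuned to the application's actual scripts, styles, and frames.

```python
"""Added example: reproduce three ZAP passive-scan alerts named in the abstract
over a captured HTTP response, apply the recommended mitigations, re-check.
Not the paper's tooling; the sample response below is constructed."""
from typing import List, Tuple

Headers = List[Tuple[str, str]]   # ordered name/value pairs; Set-Cookie may repeat

# Constructed sample of an unhardened response (assumption, not captured data).
WEAK_RESPONSE: Headers = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "sessionid=2f9a1c; Path=/"),
    ("Set-Cookie", "theme=dark; Path=/; HttpOnly"),
]


def _values(headers: Headers, name: str) -> List[str]:
    """Case-insensitive lookup returning every occurrence of a header."""
    return [v for k, v in headers if k.lower() == name.lower()]


def cookie_findings(headers: Headers) -> List[str]:
    """'Cookie Without Secure Flag' and 'Cookie No HttpOnly Flag' checks."""
    findings: List[str] = []
    for raw in _values(headers, "Set-Cookie"):
        parts = [p.strip() for p in raw.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "secure" not in attrs:
            findings.append(f"Cookie Without Secure Flag: {cookie_name}")
        if "httponly" not in attrs:
            findings.append(f"Cookie No HttpOnly Flag: {cookie_name}")
    return findings


def csp_findings(headers: Headers) -> List[str]:
    """'Content Security Policy (CSP) Header Not Set' check."""
    if _values(headers, "Content-Security-Policy"):
        return []
    return ["Content Security Policy (CSP) Header Not Set"]


def clickjacking_findings(headers: Headers) -> List[str]:
    """'Missing Anti-clickjacking Header' check. A CSP frame-ancestors directive
    counts as protection because browsers give it precedence over X-Frame-Options."""
    csp_covers = any("frame-ancestors" in v.lower()
                     for v in _values(headers, "Content-Security-Policy"))
    if csp_covers:
        return []
    xfo = [v.strip().upper() for v in _values(headers, "X-Frame-Options")]
    if not xfo:
        return ["Missing Anti-clickjacking Header"]
    if any(v not in ("DENY", "SAMEORIGIN") for v in xfo):
        return ["Missing Anti-clickjacking Header: unrecognised X-Frame-Options value"]
    return []


def audit(headers: Headers) -> List[str]:
    """Run all three checks and return the alert titles in ZAP's wording."""
    return cookie_findings(headers) + csp_findings(headers) + clickjacking_findings(headers)


def harden(headers: Headers) -> Headers:
    """Apply the abstract's mitigations: Secure and HttpOnly (plus SameSite) on
    every cookie, a CSP with frame-ancestors, and X-Frame-Options for old browsers.
    The CSP value is an assumption and must be tuned per application."""
    fixed: Headers = []
    for name, value in headers:
        if name.lower() == "set-cookie":
            attrs = {p.strip().split("=", 1)[0].lower() for p in value.split(";")[1:]}
            for flag in ("Secure", "HttpOnly", "SameSite=Lax"):
                if flag.split("=")[0].lower() not in attrs:
                    value += f"; {flag}"
        fixed.append((name, value))
    if not _values(fixed, "Content-Security-Policy"):
        fixed.append(("Content-Security-Policy",
                      "default-src 'self'; object-src 'none'; frame-ancestors 'none'"))
    if not _values(fixed, "X-Frame-Options"):
        fixed.append(("X-Frame-Options", "DENY"))
    return fixed


if __name__ == "__main__":
    for label, h in (("weak", WEAK_RESPONSE), ("hardened", harden(WEAK_RESPONSE))):
        print(label, audit(h) or "no findings")
```

Blanket HttpOnly, as `harden` applies it, is right for a session cookie but wrong for a cookie that client-side JavaScript must read (for example a double-submit CSRF token); in that case exempt that cookie and accept the corresponding ZAP alert as a documented false positive rather than weakening the session cookie.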
Copyright © 2026