Background: The advancement of information and electronic systems has significantly transformed export and import processes. In Indonesia, the Lembaga National Single Window (LNSW) plays a pivotal role in facilitating international trade by integrating procedures and information related to exports, imports, and document flows. Objective: This study aims to assess the security of LNSW's export and import application by identifying vulnerabilities classified against the Open Web Application Security Project (OWASP) Top 10. It also compares the effectiveness of Static Application Security Testing (SAST) using SonarQube and Dynamic Application Security Testing (DAST) using OWASP Zed Attack Proxy (ZAP) in detecting different types of vulnerabilities. Methods: SonarQube was used to scan the application's source code and ZAP to test the running application. Each detected vulnerability was scored with the Common Vulnerability Scoring System (CVSS) to determine its severity level, and a mitigation was recommended for each finding. Results: A total of eight vulnerabilities were identified, two of High and six of Medium severity. SonarQube was more effective at detecting Identification and Authentication Failures (three instances), while ZAP was more effective at identifying Vulnerable and Outdated Components (two instances). Notably, each tool uncovered four types of vulnerabilities that the other did not detect. Conclusion: These findings highlight the practical benefit of combining SAST and DAST. By integrating both approaches, organizations can achieve a more comprehensive and reliable security assessment, ultimately leading to more resilient software systems.
Copyright © 2026