<![CDATA[The rapid adoption of e-government systems has increased the exposure of government web applications to cybersecurity threats with the lack of security-focused implementation. Previous studies on web application security assessment commonly using automated vulnerability scanners or validated with another tools, which may produce false positives and fail to provide comprehensive insights. This research addresses this limitation by conducting a structured and multi-target security assessment of regional government web applications. The assessment integrates a systematic penetration testing process with comprehensive web application security testing guidelines. Automated scanning using OWASP ZAP and Arachni was combined with manual validation to ensure the accuracy of findings. The results identified nine validated vulnerabilities in the government portal and public service applications, and ten vulnerabilities in the legal documentation system. A significant portion of initial findings were confirmed as false positives after manual verification, highlighting the limitations of automated tools. The most common vulnerabilities were related to security misconfigurations, including missing security headers, outdated JavaScript libraries, and insecure cookie settings that highlight on weak in configuration hygiene and dependency management in this regional goverment. This study also demonstrates that combining structured penetration testing with detailed validation provides a more accurate and reliable assessment of government web application security.]]>
Copyrights © 2026
