Infotech: Journal of Technology Information
Vol 12, No 1 (2026): JUNI

ANALISIS KERENTANAN APLIKASI WEB MODERN MENGGUNAKAN BLACK-BOX PENETRATION TESTING BERBASIS OWASP TOP 10:2025

Asruddin Rudi (Universitas Bung Karno)
Mirza Sutrisno (Universitas Muhammadiyah Jakarta)
Ade Davy Wiranata (Universitas Muhammadiyah Prof. Dr. HAMKA, Jakarta)
Anton Maulana Ibrahim (Politeknik Mitra Karya Mandiri)



Article Info

Publish Date
20 Jun 2026

Abstract

Web application security has become a critical concern as cyber threats evolve in sophistication and frequency. This study analyzes vulnerabilities in modern web applications using the black-box penetration testing method based on the OWASP Top 10:2025 framework within an isolated environment. The research employs VulnApp, an intentionally vulnerable web application deployed as a controlled research target, tested using three open-source DAST tools: Nmap, Nikto, and manual exploitation techniques following stages of reconnaissance, scanning, exploitation, and reporting. Results indicate 24 verified vulnerabilities distributed across 8 of 10 OWASP Top 10:2025 categories, with the combination of tools achieving a Detection Rate (DR) of 83.3%, F1-Score of 0.889, and a Risk Score Composite (RSC) of 7.39, indicating a high-risk application profile. The highest severity findings were identified in Injection (A05, CVSS 9.8), Authentication Failures (A07, CVSS 8.8), and Broken Access Control (A01, CVSS 8.1). The isolated containerized environment proved effective as a reproducible and legally compliant research laboratory.

Copyrights © 2026






Journal Info

Abbrev

infoteh

Publisher

Subject

Computer Science & IT

Description

Jurnal Infotech adalah jurnal ilmiah yang berisi hasil penelitian yang ditulis oleh dosen, peneliti dan praktisi. Jurnal ini diharapkan untuk mengembangkan penelitian dan memberikan kontribusi yang berarti untuk meningkatkan sumber daya penelitian di bidang Teknologi Informasi dan Ilmu Komputer. ...