Website Security Analysis Using Vulnerability Assessment Method

Bibliographic Details
Main Authors: Haeruddin, Gautama Wijaya, Hendra Winata, Sukma Aji, Muhammad Nur Faiz
Format: Article
Language: English
Published: Pusat Penelitian dan Pengabdian Masyarakat (P3M), Politeknik Negeri Cilacap 2024-12-01
Series: Journal of Innovation Information Technology and Application
Online Access: https://ejournal.pnc.ac.id/index.php/jinita/article/view/2476
Description
Summary: In today’s digital era, ensuring website security is crucial, especially in the education sector, which is frequently targeted by cyber attacks. This research aims to test the security of the Universitas Internasional Batam (UIB) website using OWASP ZAP and Nessus. The method used in this research was vulnerability assessment, which involves gathering information with tools such as Nmap, whois and nslookup. OWASP ZAP detected 11 vulnerabilities, categorized into 6 medium-level and 5 low-level, including findings related to Content Security Policy (CSP) and anti-clickjacking headers. In contrast, Nessus detected only one medium-level vulnerability, the absence of HTTP Strict Transport Security (HSTS). The difference in detection results arises because OWASP ZAP is better at finding web application weaknesses consistent with the OWASP Top Ten 2021, while Nessus specifically targets server and network configuration. For educational institutions, these results emphasize the importance of conducting regular vulnerability assessments to protect sensitive data. Recommended actions include implementing CSP to prevent cross-site scripting (XSS) and other injection attacks, enforcing HSTS to secure communication, and updating software to mitigate unknown vulnerabilities. By adopting these measures, institutions can reduce their exposure to cyber attacks, maintain user trust, and strengthen overall security. This research provides a practical framework for strengthening the security of educational websites against evolving threats. These findings highlight that using multiple tools can provide a more comprehensive view of security gaps.
ISSN: 2716-0858, 2715-9248