Website Security Analysis Using Vulnerability Assessment Method
In today’s digital era, ensuring website security is crucial, especially in the education sector, which is frequently targeted by cyber attacks. This research aims to test the security of the Universitas Internasional Batam (UIB) website using OWASP ZAP and Nessus. The method will be used in this resear...
| Main Authors: | Haeruddin, Gautama Wijaya, Hendra Winata, Sukma Aji, Muhammad Nur Faiz |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | Pusat Penelitian dan Pengabdian Masyarakat (P3M), Politeknik Negeri Cilacap, 2024-12-01 |
| Series: | Journal of Innovation Information Technology and Application |
| Subjects: | cybersecurity in education; vulnerability assessment; owasp zap; nessus; web application security |
| Online Access: | https://ejournal.pnc.ac.id/index.php/jinita/article/view/2476 |
| _version_ | 1850094749400170496 |
|---|---|
| author | Haeruddin; Gautama Wijaya; Hendra Winata; Sukma Aji; Muhammad Nur Faiz |
| author_sort | Haeruddin |
| collection | DOAJ |
| description | In today’s digital era, ensuring website security is crucial, especially in the education sector, which is frequently targeted by cyber attacks. This research aims to test the security of the Universitas Internasional Batam (UIB) website using OWASP ZAP and Nessus. The method used in this research was vulnerability assessment, which involved gathering information with tools such as Nmap, whois and nslookup. OWASP ZAP detected 11 vulnerabilities, categorized into 6 medium-level and 5 low-level findings, including issues with Content Security Policy (CSP) and anti-clickjacking headers. In contrast, Nessus detected only one medium-level vulnerability: the absence of HTTP Strict Transport Security (HSTS). The difference in detection results arises because OWASP ZAP is better at finding web application weaknesses consistent with the OWASP Top Ten 2021, while Nessus specifically targets server and network configuration. For educational institutions, these results emphasize the importance of conducting regular vulnerability assessments to protect sensitive data. Recommended actions include implementing CSP to prevent cross-site scripting (XSS) and other injection attacks, enforcing HSTS to secure communication, and updating software to mitigate unknown vulnerabilities. By adopting these measures, institutions can reduce their exposure to cyber attacks, maintain user trust, and strengthen overall security. This research provides a practical framework for strengthening the security of educational websites against evolving threats. These findings highlight that using multiple tools can provide a more comprehensive view of security gaps. |
| format | Article |
| id | doaj-art-18f851d4d25a4080a4731d982d2ad10c |
| institution | DOAJ |
| issn | 2716-0858 2715-9248 |
| language | English |
| publishDate | 2024-12-01 |
| publisher | Pusat Penelitian dan Pengabdian Masyarakat (P3M), Politeknik Negeri Cilacap |
| record_format | Article |
| series | Journal of Innovation Information Technology and Application |
| title | Website Security Analysis Using Vulnerability Assessment Method |
| topic | cybersecurity in education; vulnerability assessment; owasp zap; nessus; web application security |
| url | https://ejournal.pnc.ac.id/index.php/jinita/article/view/2476 |