Web Vulnerability Analysis Using ZAP by Checkmarx on the FIKSI (Faculty of Computer Science and Information Systems) Website of Universitas Kebangsaan Republik Indonesia

Authors

  • M. Abie Rafdi Fauzy Universitas Kebangsaan Republik Indonesia
  • Restu Rahmat Fajri Universitas Kebangsaan Republik Indonesia
  • Rian Hidayat Universitas Kebangsaan Republik Indonesia
  • Salsabila Rosnie Universitas Kebangsaan Republik Indonesia
  • Thomas Aldi Fikri Universitas Kebangsaan Republik Indonesia
  • Subhanjaya Angga Atmaja Universitas Kebangsaan Republik Indonesia

DOI:

https://doi.org/10.70292/pctif.v3i1.68

Keywords:

Web Application Security, ZAP, OWASP, Vulnerabilities, Automated Scanning, Moment.Js, CORS

Abstract

This study aims to identify and analyze security vulnerabilities in faculty web applications using the Zed Attack Proxy (ZAP) automated tool, developed by OWASP and now managed by Checkmarx. Using a descriptive quantitative approach, a scan was run against the public domain cdnjs.cloudflare.com, whose technical structure is similar to the faculty web system. The scan identified four vulnerabilities: use of a vulnerable JavaScript library (moment.js) (high risk), an insecure Cross-Origin Resource Sharing (CORS) configuration (medium risk), suspicious comments in the code (informational risk), and inappropriate cache settings (informational risk). The findings are classified against the OWASP Top 10 categories, and each is paired with mitigation recommendations. A visualization of the distribution of alerts by risk level and confidence is also presented. The results underline the importance of routine scanning combined with manual validation in maintaining the security of higher education institution web applications.
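The abstract lists three findings that can be reproduced from a single HTTP response: the CORS configuration, the cache directives, and the suspicious comments. The script below is an added illustration, not code from the paper or from ZAP, of how a defender can triage those three conditions with a few deterministic checks and confirm that a hardened response clears them. The sample responses, the allow-listed origin `https://fiksi.example.edu`, and the suspicious-word list are all constructed for this example; the moment.js finding is omitted because judging a library version needs an advisory database, which the abstract does not supply.

```python
import re

# Words that ZAP-style "suspicious comment" checks look for; list constructed for this example.
SUSPICIOUS_WORDS = ("todo", "fixme", "hack", "password", "debug", "admin", "xxx")
# Matches HTML comments and JavaScript/CSS block comments.
_COMMENT_RE = re.compile(r"<!--(.*?)-->|/\*(.*?)\*/", re.DOTALL)


def check_cors(headers, allowed_origins):
    """Flag CORS response headers broader than the intended origin allow-list."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    findings = []
    if acao is None:
        return findings  # no cross-origin exposure at all
    if acao == "*":
        findings.append("CORS: Access-Control-Allow-Origin is '*' (any site can read this response)")
        if creds:
            findings.append("CORS: wildcard origin together with Allow-Credentials: true")
    elif acao not in allowed_origins:
        findings.append(f"CORS: origin {acao!r} is not on the allow-list (possible Origin reflection)")
    return findings


def check_cache(headers, sensitive):
    """Flag cache directives that would let a browser or shared cache keep a sensitive response."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    cc = {d.strip().lower() for d in h.get("cache-control", "").split(",") if d.strip()}
    findings = []
    if not cc:
        findings.append("Cache: no Cache-Control header (caching left to intermediary defaults)")
    elif sensitive and "no-store" not in cc:
        findings.append("Cache: sensitive response lacks 'no-store'")
    if sensitive and "public" in cc:
        findings.append("Cache: sensitive response marked 'public'")
    return findings


def check_comments(body):
    """Flag HTML/JS block comments containing words developers tend to leave behind."""
    findings = []
    for m in _COMMENT_RE.finditer(body):
        text = (m.group(1) or m.group(2) or "").strip()
        hits = [w for w in SUSPICIOUS_WORDS if w in text.lower()]
        if hits:
            findings.append(f"Comment: {text[:60]!r} mentions {', '.join(hits)}")
    return findings


def scan_response(headers, body, allowed_origins, sensitive):
    """Run all three checks over one captured response and return the list of findings."""
    return (check_cors(headers, allowed_origins)
            + check_cache(headers, sensitive)
            + check_comments(body))


# Constructed sample: a response exhibiting the weak settings described in the abstract.
WEAK_RESPONSE = dict(
    headers={
        "Content-Type": "text/html",
        "Access-Control-Allow-Origin": "*",
        "Access-Control-Allow-Credentials": "true",
        "Cache-Control": "public, max-age=3600",
    },
    body=("<html><!-- TODO: remove debug admin login before release -->"
          "<script>/* FIXME: password is still hard-coded here */</script></html>"),
    allowed_origins={"https://fiksi.example.edu"},  # hypothetical faculty origin
    sensitive=True,
)

# Constructed sample: the same page with a pinned origin, no-store caching and clean comments.
HARDENED_RESPONSE = dict(
    headers={
        "Content-Type": "text/html",
        "Access-Control-Allow-Origin": "https://fiksi.example.edu",
        "Vary": "Origin",
        "Cache-Control": "no-store",
    },
    body="<html><!-- layout wrapper --><script>/* bundled by build step */</script></html>",
    allowed_origins={"https://fiksi.example.edu"},
    sensitive=True,
)

if __name__ == "__main__":
    for name, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(name, scan_response(**resp) or "no findings")
```

Each check is intentionally narrow: it reports only what the headers or body actually show, which is the same reason the abstract pairs automated scanning with manual validation. Whether a reflected origin is a real flaw, for example, depends on the server's allow-list, so that policy is an input to the check rather than something guessed from one response.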

Published

10-07-2025

How to Cite

M. Abie Rafdi Fauzy, Restu Rahmat Fajri, Rian Hidayat, Salsabila Rosnie, Thomas Aldi Fikri, & Subhanjaya Angga Atmaja. (2025). Analisis Kerentanan Web Menggunakan ZAP oleh Checkmarx pada Website FIKSI (Fakultas Ilmu Komputer dan Sistem Informasi) Universitas Kebangsaan Republik Indonesia. Journal on Pustaka Cendekia Informatika, 3(1), 141–147. https://doi.org/10.70292/pctif.v3i1.68
