Security Vulnerability Analysis of the Sharia Crowdfunding Website Using OWASP-ZAP

Nurbojatmiko,; Lathifah, Ari; Amri, Faaza Bil; Rosidah, Ani

doi:10.1109/citsm56380.2022.9935837

Cited by 6 publications

(5 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Figure 1 presents the updated top 10 vulnerabilities from 2017 to 2021 [16]. Because OWASP's security standards are thorough and specific dependent on the configuration of the website page and server, the OWASP TOP 10 approach is effective as a security standard for carrying out penetration testing on a website [17]. The main reason behind broken access control vulnerability is failing to adhere to secure design principles like enforce appropriate input validation and take action to limit critical information disclosure, setting up secure sessions, and management, control of the readability of the directory [18].…”

Section: Owasp Top 10mentioning

confidence: 99%

Common Vulnerabilities and Exposures Assessment of Private Higher Educational Institutions Using Web Application Security

Ellen F. Mangaoang

2024

jes

View full text Add to dashboard Cite

The advancements in technology has led to advancements in threats and vulnerabilities as well. Academic websites are not spared from this. This study aims to evaluate the common vulnerabilities and exposures of private higher educational institution’s website using Open Web Application Security Project. Seven private higher education institutions were evaluated using Open Web Application Security Project Zed Attack Proxy and Open Web Application Security Project top 10. The top vulnerabilities the higher educational institutions were exposed to were broken access control, insecure design and software and data integrity failures. There were two higher educational institutions with high level of risks. Also, a total of thirty-two risks or vulnerabilities were identified in the study. The identification of vulnerabilities or exposures in websites will help the private schools to become aware of possible cyberattacks to their institution’s website. This will help the institution to identify and prevent further loss or damage.

show abstract

Section: Owasp Top 10mentioning

confidence: 99%

Common Vulnerabilities and Exposures Assessment of Private Higher Educational Institutions Using Web Application Security

Ellen F. Mangaoang

2024

jes

View full text Add to dashboard Cite

show abstract

“…2). Open Web Application Security Project Zed Attack Proxy (OWASP ZAP) is an open-source tool that is useful for finding vulnerabilities in a website application [25] [26]. The stages of its use consist of 5 steps, namely 1) Input -enter the hostname/host ID as input to attack; 2) Scan -application scan; 3) Discover -find application loopholes; 4) Analysisthe process of analyzing the findings by categorizing them into low, medium, high, and information; 5) Result -final result [27], [28].…”

Section: B Smart Contractmentioning

confidence: 99%

“…Further testing of dApps using the OWASP ZAP tool. The last is to analyze the resulting DApps.Open Web Application Security Project Zed Attack Proxy (OWASP ZAP) is an open-source tool that is useful for finding vulnerabilities in a website application[25][26]. The stages of its use consist of 5 steps, namely 1) Input -enter the hostname/host ID as input to attack; 2) Scan -application…”

mentioning

confidence: 99%

A Prototype of Decentralized Applications (DApps) Population Management System Based on Blockchain and Smart Contract

Saian,

Sembiring,

Manongga

2024

JOIV : Int. J. Inform. Visualization

View full text Add to dashboard Cite

The Indonesian population reached 270,20 million in 2020. Each resident is equipped with various secret identities. The COVID-19 pandemic has made all activities use technology as a basis, causing residents' identities to be stored digitally. Some applications that keep these identities experience data leaks. However, with the advent of Web3 and its emphasis on decentralization through blockchain, a new era of secure data management is possible. Blockchain, with its inherent security features, ensures that data stored is secure, difficult to damage or lose due to mutual consensus. Every transaction is recorded, making it easy to carry out the audit process. Therefore, this research will design and implement prototype dApps for secure population management, leveraging the superior security of blockchain technology. The initial stage of research is to conduct a literature study. Furthermore, it is to create designs such as system, infrastructure, and activity diagrams. Then do the development of the dApps prototype. The last is testing using OWASP ZAP and cost analysis. A dApps prototype was implemented on a blockchain. Every transaction is recorded and publicly viewable through the Etherscan platform. Other data stored on a blockchain have gone through an AES-256 encryption process with the data owner's account key so that the owner can only see the data. The results of the tests performed show that there is no high-level warning. The cost analysis results show that the most used costs are when deploying smart contracts and making new data. For further development, it is implementing permissionless blockchain and multi-accounts.

show abstract

“…Hasil pengujian menunjukkan variasi tingkat kerentanan, dengan solusi yang telah diusulkan untuk meningkatkan keamanan situs web. Penelitian ini menggunakan metode pengujian keamanan, alat-alat, dan fokus pada kerentanan khusus seperti SQL injection dan XSS, serta memanfaatkan kerangka kerja untuk mendeteksi dan mencegah kerentanan dalam perangkat lunak sistem [13].…”

Section: Pendahuluanunclassified

Penetration Testing Keamanan Website Stie Samarinda Menggunakan Teknik SQL Injection Dan XSS

Anugrah

2024

JITET

View full text Add to dashboard Cite

Website universitas memiliki banyak data dan informasi yang disimpan di dalamnya seperti data mahasiswa, data dosen, data staff, kurikulum, dan yang lainnya. Website sebagai alat untuk menyebarkan data dan informasi tersebut, oleh karena itu penting untuk menguji keamanan suatu website universitas. Terdapat banyak teknik ancaman penetrasi ke dalam suatu website yaitu SQL injection, XSS, dan yang lainnya. Untuk mengatasi masalah tersebut, peneliti melakukan analisis kerentanan keamanan website STIE Samarinda dengan Penetration Testing yang berfokus kepada teknik SQL Injection dan XSS. Terdapat 14 fitur form yang memiliki kerentanan terhadap teknik penetrasi SQL Injection dan XSS. Analisis kerentanan keamanan dengan teknik lainnya diperlukan untuk memahami lebih lanjut mengenai keamanan website STIE Samarinda.

show abstract

Security Vulnerability Analysis of the Sharia Crowdfunding Website Using OWASP-ZAP

Cited by 6 publications

References 23 publications

Common Vulnerabilities and Exposures Assessment of Private Higher Educational Institutions Using Web Application Security

Common Vulnerabilities and Exposures Assessment of Private Higher Educational Institutions Using Web Application Security

A Prototype of Decentralized Applications (DApps) Population Management System Based on Blockchain and Smart Contract

Penetration Testing Keamanan Website Stie Samarinda Menggunakan Teknik SQL Injection Dan XSS

Contact Info

Product

Resources

About