NETWORK PENETRATION TESTING USING OWASP ZAP AND SQLMAP TO IDENTIFY WEBSITE SECURITY VULNERABILITIES

Authors

  • Rakhmadi Rahman, Institut Teknologi Bacharuddin Jusuf Habibie
  • Danang Fatkhur Razak, Institut Teknologi Bacharuddin Jusuf Habibie

DOI:

https://doi.org/10.69714/e4rhmk70

Keywords:

OWASP ZAP, SQLMAP, Vulnerabilities

Abstract

Web application security is becoming increasingly critical as cyber threats grow and can result in data leakage and other losses. This research aims to identify and exploit security vulnerabilities in a web application using two popular tools, OWASP ZAP and SQLMAP. OWASP ZAP is used to find vulnerabilities such as Cross-Site Scripting (XSS) and insecure configuration, while SQLMAP focuses on detecting and exploiting SQL Injection vulnerabilities. Through a series of automated scans and in-depth analysis, the research identified several vulnerabilities with medium and low risk levels. The test results show that both tools are effective at identifying vulnerabilities and provide important insight into the mitigation steps needed to improve web application security. The research also emphasizes input validation and sanitization, the use of parameterized queries, and security configuration updates as key mitigation measures. The findings are expected to contribute to improved security practices in web application development and to reduce the risk of cyberattacks.

Published

2024-10-02

How to Cite

PENGUJIAN PENETRASI JARINGAN MENGGUNAKAN OWASP ZAP DAN SQLMAP UNTUK MENGIDENTIFIKASI KERENTANAN KEAMANAN WEBSITE (Rakhmadi Rahman & D. Fatkhur Razak, Trans.). (2024). Jurnal Riset Sistem Informasi, 1(4), 08-11. https://doi.org/10.69714/e4rhmk70