Vulnerability Analysis of the SMK Muhammadiyah 2 Bontoala Makassar Website Using the OWASP (Open Web Application Security Project) Method

  • Haniwijaya Pahlawansah, Politeknik Maritim AMI Makassar
  • Muh. Fahmi Basmar, Universitas Pejuang Republik Indonesia
  • Muhammad Yusuf, Universitas Pejuang Republik Indonesia
Keywords: Vulnerability Analysis, Web Security, OWASP Top 10, Penetration Testing, Educational Website

Abstract

The official website of SMK Muhammadiyah 2 Bontoala Makassar plays a crucial role as a medium for information and services. However, its significance is often not matched by a verified security posture. The primary problem addressed in this study is the potential for unidentified cybersecurity vulnerabilities on the website, which malicious actors could exploit. To address this problem, a systematic vulnerability analysis was conducted based on the Open Web Application Security Project (OWASP) Top 10 framework. The testing process combined automated scanning using the OWASP ZAP tool with manual validation via penetration testing to ensure the accuracy of the findings. The assessment successfully identified several critical security flaws, primarily in the categories of Cross-Site Scripting (XSS) (A03:2021), Security Misconfiguration (A05:2021), and Vulnerable and Outdated Components (A06:2021). These vulnerabilities directly expose the website to risks of data breaches, unauthorized content modification, and service disruption. This study concludes by providing concrete technical recommendations for administrators to mitigate the identified vulnerabilities and strengthen the website's overall security posture.

Published
2025-09-28
How to Cite
Pahlawansah, H., Basmar, M. F., & Yusuf, M. (2025). Analisis Kerentanan Website SMK Muhammadiyah 2 Bontoala Makassar Menggunakan Metode OWASP (Open Web Application Security Project). BIOS : Jurnal Teknologi Informasi Dan Rekayasa Komputer, 6(2), 92-100. https://doi.org/10.37148/bios.v6i2.180
Section
Articles