
Abstract

Web-based platform security is an important aspect that developers must consider. However, numerous developers still pay insufficient attention to enhancing the security level of their websites, thereby increasing the likelihood of these platforms becoming targets of cyber attacks. To address this challenge, tools such as Nuclei Vulnerability Scanner and OWASP ZAP present an effective solution for the rapid detection of potential vulnerabilities in web-based platforms. This research involved testing a locally developed dummy web application, with scanning processes conducted using the Nuclei Vulnerability Scanner and OWASP ZAP tools. The findings reveal that Nuclei Vulnerability Scanner proves effective in identifying vulnerabilities at the network layer, particularly in relation to SSL/TLS protocols and proxy configurations. In contrast, OWASP ZAP is more focused on detecting vulnerabilities within the web application layer, especially concerning security header configurations that may be exploited through browser-based attacks such as XSS and clickjacking. Mitigation of the identified vulnerabilities resulted in a substantial reduction in their severity, with a 90% decrease in Nuclei and an 80% reduction in OWASP ZAP. Both tools demonstrated high accuracy and efficient scanning times, establishing them as effective solutions for enhancing security across both network and application layers. This study recommends the integration of these tools into a comprehensive cyber security strategy to safeguard system integrity and availability while addressing the continuously evolving threat landscape, in alignment with the layered security principle advocated in contemporary literature.

Keywords

Cybersecurity, Nuclei, OWASP ZAP, Vulnerability Scanner, Website Security

Article Details

Author Biographies

Aulia Rahman, Universitas Sulawesi Barat

Faculty of Engineering, Informatics Study Program, Universitas Sulawesi Barat

Indra, Universitas Sulawesi Barat

Faculty of Engineering, Informatics Study Program, Universitas Sulawesi Barat

Nuralamsah Zulkarnaim, Universitas Sulawesi Barat

Faculty of Engineering, Informatics Study Program, Universitas Sulawesi Barat

Muhammad Mukhram, Universitas Sulawesi Barat

Faculty of Engineering, Informatics Study Program, Universitas Sulawesi Barat

Agung Rizaldi, Universitas Sulawesi Barat

Faculty of Economics, Accounting Study Program, Universitas Sulawesi Barat
How to Cite
Rahman, A., Indra, I., Zulkarnaim, N., Mukhram, M., & Rizaldi, A. (2025). ANALISIS IMPLEMENTASI NUCKLEI VULNERABILITY DAN OWASP-ZAP SCANNER UNTUK DETEKSI KERENTANAN KEAMANAN (SECURE SYSTEM) PADA PLATFORM WEB BASED. Jurnal Komputer Terapan, 11(1), 10–15. https://doi.org/10.35143/jkt.v11i1.6430
