ANALISIS IMPLEMENTASI NUCKLEI VULNERABILITY DAN OWASP-ZAP SCANNER UNTUK DETEKSI KERENTANAN KEAMANAN (SECURE SYSTEM) PADA PLATFORM WEB BASED
DOI:
https://doi.org/10.35143/jkt.v11i1.6430Keywords:
Cybersecurity, Nuclei, Owasp Zap, Vulnerability Scanner, Website SecurityAbstract
Web-based platform security is an important aspect that developers must consider. However, numerous developer still exhibit insufficient attention to enhancing the security level of their websites, thereby increasing the likelihood of these platforms becoming targets of cyber attacks. To address this challenge, the utilization of tools such as Nuclei Vulnerability Scnner and Owasp Zap presents an effective solution for the rapid detection of potential vulnerabilities in web-based platforms. This research involved testing a locally developed dummy web application , with scanning processes conducted using the Nuclei Vulnerability Scanner and Owasp Zap tools. The findings reveal that Nuclei Vulnerability Scanner proves effective in identifying vulnerabilities at the network layer, particularly in relation to SSL/TLS protocols and proxy configurations. In contrast, Owasp Zap is more focused on detecting vulnerabilities within the web application layer, especially concerning security header configurations that may be exploited through browser-based attacks such as XSS and clickjacking. Mitigation of the identified vulnerabilities resulted in a substantial reduction in their severity, with a 90% decrease in Nuclei and an 80% reduction in Owasp Zap. Both tools demonstrated high accuracy and efficient scanning times, establishing them as effective solutions for enhancing security across both network and application layers. This study recommends the integration of these tools into a comprehensive cyber security strategy to safeguard system integrity and availability while addressing the continuously evolving threat landscape, in alignment with the layered security principle advocated in contemporary literature.Downloads
References
A. F. Hasibuan and D. Handoko, “Analisis Keretanan Website Dengan Aplikasi Owasp Zap,” J. Ilmu Komput. dan Sist. Inf., vol. 2, no. 2, pp. 257–270, 2023, [Online]. Available: https://jurnal.unity-academy.sch.id/index.php/jirsi/article/view/51
T. Anugrah, “Penetration Testing Keamanan Website Stie Samarinda Menggunakan Teknik Sql Injection Dan Xss,” J. Inform. dan Tek. Elektro Terap., vol. 12, no. 1, pp. 618–624, 2024, doi: 10.23960/jitet.v12i1.3882.
A. Zirwan, “Pengujian dan Analisis Kemanan Website Menggunakan Acunetix Vulnerability Scanner,” J. Inf. dan Teknol., vol. 4, no. 1, pp. 70–75, 2022, doi: 10.37034/jidt.v4i1.190.
A. Kendek Allo and I. R. Widiasari, “Analisis Keamanan Website SIASAT Menggunakan Teknik Footprinting dan Vulnerability Scanning,” J. JTIK (Jurnal Teknol. Inf. dan Komunikasi), vol. 8, no. 2, pp. 316–323, 2024, doi: 10.35870/jtik.v8i2.1723.
M. Munjal, “Ethical Hacking: an Impact on Society,” Cyber Times Int. J. Technol. Manag., vol. 7, no. 04, pp. 922–931, 2014.
M. Tahir and M. Risky, “Analisis Keamanan Website Dinas Pemerintahan Yogyakarta Dengan Metode PTES ( Penetration Testing Execution Standard ),” vol. 09, pp. 118–125, 2024.
E. Z. Darojat, E. Sediyono, and I. Sembiring, “Vulnerability Assessment Website E-Government dengan NIST SP 800-115 dan OWASP Menggunakan Web Vulnerability Scanner,” J. Sist. Inf. Bisnis, vol. 12, no. 1, pp. 36–44, 2022, doi: 10.21456/vol12iss1pp36-44.
A. P. Armadhani, D. Nofriansyah, and K. Ibnutama, “Analisis Keamanan Untuk Mengetahui Vulnerability Pada DVWA Lab esting Menggunakan Penetration Testing Standart OWASP,” J. SAINTIKOM (Jurnal Sains Manaj. Inform. dan Komputer), vol. 21, no. 2, p. 80, 2022, doi: 10.53513/jis.v21i2.6119.
J. I. Sains, “ANALISIS KEAMANAN APLIKASI WEB MENGGUNAKAN ZAP Yuswandi,” vol. 6, no. 4, pp. 39–42, 2022.
M. Ozkan-okay, A. A. Yilmaz, E. Akin, A. Aslan, and S. S. Aktug, “A Comprehensive Review of Cyber Security Vulnerabilities ,” Electronics, vol. 12, no. 1333, 2023.
A. Mehmood, A. Shafique, M. Alawida, and A. N. Khan, “Advances and Vulnerabilities in Modern Cryptographic Techniques: A Comprehensive Survey on Cybersecurity in the Domain of Machine/Deep Learning and Quantum Techniques,” IEEE Access, vol. 12, pp. 27530–27555, 2024, doi: 10.1109/ACCESS.2024.3367232.
S. Abdelkader et al., “Securing modern power systems: Implementing comprehensive strategies to enhance resilience and reliability against cyber-attacks,” Results Eng., vol. 23, no. July, p. 102647, 2024, doi: 10.1016/j.rineng.2024.102647.
J. Shahid, M. K. Hameed, I. T. Javed, K. N. Qureshi, M. Ali, and N. Crespi, “A Comparative Study of Web Application Security Parameters: Current Trends and Future Directions,” Appl. Sci., vol. 12, no. 8, 2022, doi: 10.3390/app12084077.
M. M. Mlyatu and C. Sanga, “Secure Web Application Technologies Implementation through Hardening Security Headers Using Automated Threat Modelling Techniques,” J. Inf. Secur., vol. 14, no. 01, pp. 1–15, 2023, doi: 10.4236/jis.2023.141001.
O. Foundation, “No Title,” OWASP Secure Headers Project. [Online]. Available: https://owasp.org/www-project-secure-headers/
Downloads
Published
Issue
Section
License
Copyright (c) 2025 Jurnal Komputer Terapan

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Copyright info for authors
1. Authors hold the copyright in any process, procedure, or article described in the work and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors retain publishing rights to re-use all or portion of the work in different work but can not granting third-party requests for reprinting and republishing the work.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) as it can lead to productive exchanges, as well as earlier and greater citation of published work.
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License 











