Enhancing Website Security Using Vulnerability Assessment and Penetration Testing (VAPT) Based on OWASP Top Ten
DOI:
https://doi.org/10.30871/jaic.v9i2.9069
Keywords:
Website Security, Vulnerability Assessment, Penetration Testing, OWASP Top Ten
Abstract
Website security is one of the main concerns in the digital era, given the increasing potential for cyber threats. This research aims to improve website security by using the Vulnerability Assessment and Penetration Testing (VAPT) method that refers to the OWASP Top Ten standard. The applied method includes four main stages: information gathering, vulnerability scanning, exploitation, and reporting. The results showed that there were several successfully exploited vulnerabilities, such as Clickjacking, Improper HTTP to HTTPS Redirection, Directory Listing, and Sensitive Information Disclosure, which were classified based on the OWASP Top Ten. The severity of the vulnerabilities was analyzed using Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE), and Common Vulnerability Scoring System (CVSS). The analysis results show that some vulnerabilities have high severity after considering the factual conditions of the system. This research provides specific remediation recommendations to address these vulnerabilities, such as the implementation of security headers, deletion of sensitive configuration files, and dependency updates. With this approach, the research is expected to contribute to improving website security and provide effective mitigation guidelines.
License
Copyright (c) 2025 Diana Rohmaniah, Wahid Miftahul Ashari, Lukman Lukman, Andriyan Dwi Putra

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License (Attribution-ShareAlike 4.0 International (CC BY-SA 4.0)) that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).