Systematic Literature Review: Security Gap Detection On Websites Using Owasp Zap

Authors

  • Fauzan Prasetyo Eka Putra Universitas Madura, Indonesia
  • Ubaidi Ubaidi Universitas Madura, Indonesia
  • Amir Hamzah Universitas Madura, Indonesia
  • Walid Agel Pramadi Universitas Madura, Indonesia
  • Alief Nuraini Universitas Madura, Indonesia

DOI:

https://doi.org/10.47709/brilliance.v4i1.4227

Keywords:

OWASP, Vulnerability Detection, Web Security, SQL Injection, Security Testing

Abstract

This research highlights the detection of security vulnerabilities on websites using OWASP ZAP, a highly regarded open-source web security testing tool. Through a comprehensive literature review approach and systematic research methodology, this research emphasizes the urgency of addressing the ever-evolving security threats in web systems. Web security is a crucial aspect of information technology as more and more sensitive data is transmitted through web applications. OWASP ZAP, recognized for its reliability in identifying various security holes, was used to evaluate its effectiveness and efficiency in detecting vulnerabilities in web applications. This tool assists developers and security researchers in finding and fixing weaknesses that could be exploited by attackers. The results of the study show that OWASP ZAP is not only effective in identifying vulnerabilities such as SQL Injection, XSS (Cross-Site Scripting), and misconfiguration but also provides practical solutions to strengthen overall web security. Additionally, this research identifies several challenges faced when using OWASP ZAP and offers recommendations to address these issues. This study makes a significant contribution towards a better understanding of web security and offers recommendations for the implementation of better security testing tools in web development environments. Consequently, this research encourages the adoption of more proactive and systematic security practices in web application development.

References

Abdulghaffar, K., Elmrabit, N., & Yousefi, M. (2023). Enhancing Web Application Security through Automated Penetration Testing with Multiple Vulnerability Scanners. Computers, 12(11), 1–17. https://doi.org/10.3390/computers12110235

Abdullayev, V., & Chauhan, A. S. (2023). SQL Injection Attack: Quick View. Mesopotamian Journal of CyberSecurity, 2023, 30–34. https://doi.org/10.58496/MJCS/2023/006

Al’am’yubi, M. R. S., & Wijayanto, D. (2023). Analisis Sistem Keamanan Website XYZ Menggunakan Framework OWASP ZAP. Jurnal Ilmu Komputer (JUIK), 3(1), 1–5. Retrieved from https://journal.umgo.ac.id/index.php/juik/index

Alazmi, S., & De Leon, D. C. (2022). A Systematic Literature Review on the Characteristics and Effectiveness of Web Application Vulnerability Scanners. IEEE Access, 10, 33200–33219. https://doi.org/10.1109/ACCESS.2022.3161522

Aldisa, R. T., & Wahyuddin, M. I. (2022). Sistem Informasi Laboratorium Dengan Metode Joint Application Design (JAD) Berbasis Website (Kasus: Laboratorium Artificial Intelligence Universitas Nasional). Jurnal Sains Komputer & Informatika (J-SAKTI), 6(1), 553.

Alghawazi, M., Alghazzawi, D., & Alarifi, S. (2022). Detection of SQL Injection Attack Using Machine Learning Techniques: A Systematic Literature Review. Journal of Cybersecurity and Privacy, 2(4), 764–777. https://doi.org/10.3390/jcp2040039

Arief, M. F., Santoso, N. A., & Kurniawan, R. D. (2022). Systematic Literatur Review: Keamanan Komputer Pada Jaringan Nirkabel. Indonesia Journal of Internasional Relations (IJIR), 3(2), 1–8.

Arief, S. F., & Sugiarti, Y. (2022). Literature Review: Analisis Metode Perancangan Sistem Informasi Akademik Berbasis Web. Jurnal Ilmiah Ilmu Komputer, 8(2), 87–93. https://doi.org/10.35329/jiik.v8i2.229

Ashari, I. F. A., Affandi, M., Putra, H. T., & Nur, M. T. (2023). Security Audit for Vulnerability Detection and Mitigation of UPT Integrated Laboratory (ILab) ITERA Website Based on OWASP Zed Attack Proxy (ZAP). Jurnal JTIK (Jurnal Teknologi Informasi Dan Komunikasi), 7(1), 24–34. https://doi.org/10.35870/jtik.v7i1.657

Ashari, I. F., Rizta Anugrah P, L., Andintya W, N., & Denira, S. T. (2023). Analisis Celah Keamanan Dan Mitigasi Website E-Learning Itera Menggunakan Owasp Zed Attack Proxy (Zap) Vulnerability and Mitigation Analysis of the Itera E-Learning Website Using Owasp Zed Attack Proxy (Zap). Dinamika Rekayasa, 19(1), 29–35.

Azahra, Z. (2023). Systematic Literature Review (SLR): Sistem Informasi Donor Darah Berbasis Teknologi. 7, 31236–31242.

Baklizi, M., Atoum, I., Abdullah, N., Al-Wesabi, O. A., Otoom, A. A., & Hasan, M. A. S. (2022). A Technical Review of SQL Injection Tools and Methods: A Case Study of SQL Map. International Journal of Intelligent Systems and Applications in Engineering, 10(3), 75–85.

Burhani, L. F., & Priyawati, D. (2024). Analisis Pengujian Keamanan Website Pengelolaan Internet Desa Kragan Menggunakan Metode Penetration Testing Execution Standard (Ptes). JIPI (Jurnal Ilmiah Penelitian Dan Pembelajaran Informatika), 9(1), 307–319. Retrieved from https://jurnal.stkippgritulungagung.ac.id/index.php/jipi/article/view/4455

Darojat, E. Z., Sediyono, E., & Sembiring, I. (2022). Vulnerability Assessment Website E-Government dengan NIST SP 800-115 dan OWASP Menggunakan Web Vulnerability Scanner. Jurnal Sistem Informasi Bisnis, 12(1), 36–44. https://doi.org/10.21456/vol12iss1pp36-44

Dewi, B. T. K. & M. A. S. (2022). Kajian Literatur: Metode dan Tools Pengujian Celah Keamanan Aplikasi Berbasis Web. Automata, 3(1), 1–8. Retrieved from https://journal.uii.ac.id/AUTOMATA/article/view/21883/12030

Eka Putra, F. P., Amir Hamzah, Agel, W., & Firmansyah Kusuma, R. O. (2024). Impelementasi Sistem Keamanan Jaringan Mikrotik Menggunakan Firewall Filtering dan Port Knocking. Jurnal Sistim Informasi Dan Teknologi, 5(4), 82–87. https://doi.org/10.60083/jsisfotek.v5i4.329

Fadla Silvia, A., Saputra, W., Sunaryo, H., & Sinlae, F. (2024). Analisis Keamanan Data Pribadi pada Pengguna BPJS Kesehatan: Ancaman, Risiko, Strategi Kemanan (Literature Review). Nusantara Journal of Multidisciplinary Science, 2(1), 201–207. Retrieved from https://jurnal.intekom.id/index.php/njms

Fariadi, F., & Redo Islami, M. R. (2022). Deteksi Dini Serangan Pada Website Menggunakan Metode Anomali Based. JIKO (Jurnal Informatika Dan Komputer), 5(3), 224–229. https://doi.org/10.33387/jiko.v5i3.5352

Haidar Hari, N., Eka Putra, F. P., Hasanah, U., Sutarsih, S. R., & Riyan. (2023). Transformasi Jaringan Telekomunikasi dengan Teknologi 5G: Tantangan, Potensi, dan Implikasi. Jurnal Informasi Dan Teknologi, 5(2), 146–150. https://doi.org/10.37034/jidt.v5i2.357

Hasan, M., Al-Maliki, A., & Jasim, N. (2022). Review of SQL injection attacks: Detection, to enhance the security of the website from client-side attacks. Int. J. Nonlinear Anal. Appl, 13(October 2021), 2008–6822. Retrieved from http://dx.doi.org/10.22075/ijnaa.2022.6152

Hasibuan, A. F., & Handoko, D. (2023). Analisis Keretanan Website Dengan Aplikasi Owasp Zap. Jurnal Ilmu Komputer Dan Sistem Informasi, 2(2), 257–270. Retrieved from https://jurnal.unity-academy.sch.id/index.php/jirsi/article/view/51

Ilmi, A., Seta, H. B., & Pradnyana, I. W. W. (2022). Evaluasi Risiko Celah Keamanan Menggunakan Metodologi Open-Source Security Testing Methodology Manual (OSSTMM) Pada Aplikasi Web Terbaru Fakultas Ilmu Komputer UPN Veteran Jakarta. Informatik: Jurnal Ilmu Komputer, 18(2), 190. https://doi.org/10.52958/iftk.v18i2.4672

Jakobsson, A., & Häggström, I. (2022). Study of the techniques used by OWASP ZAP for analysis of vulnerabilities in web applications. 61. Retrieved from https://www.diva-portal.org/smash/record.jsf?pid=diva2%3A1675227&dswid=-4307

Kalaani, C. (2023). OWASP ZAP vs snort for SQLi vulnerability scanning. Retrieved from https://digitalcommons.georgiasouthern.edu/etd

Kristara, F. S., & Adiguna, M. A. (2023). Pengujian Celah Keamanan Input Validation Pada Aplikasi Website Menggunakan Framework Owasp. Jurnal Penelitian Ilmu Komputer, 1(4), 50–55.

Kurniawan, A., & Ramli, K. (2023). Effectiveness of Security Through Obscurity Methods To Avoid Web Application Vulnerability Scanners. Jurnal Teknik Informatika (Jutif), 4(6), 1479–1486. https://doi.org/10.52436/1.jutif.2023.4.6.778

Mansur, N. H. (2023). Vulnerability analysis using OWASP ZAP on higher education websites. 2665(1). https://doi.org/10.1063/5.0153145

Mu’min, M. A., Fadlil, A., & Riadi, I. (2022). Analisis Keamanan Sistem Informasi Akademik Menggunakan Open Web Application Security Project Framework. Jurnal Media Informatika Budidarma, 6(3), 1468. https://doi.org/10.30865/mib.v6i3.4099

Mulyanto, Y., Zaen, M. T. A., Yuliadi, Y., & Sihab, S. (2022). Analisis Keamanan Website SMA Negeri 2 Sumbawa Besar Menggunakan Metode Penetration Testing (Pentest). Journal of Information System Research (JOSH), 4(1), 202–209. https://doi.org/10.47065/josh.v4i1.2335

Mutedi, A., & Tjahjono, B. (2022). Systematic Literature Review: Preventing SQL Injection Attacks Using Tools OWASP CSR Web Application Firewall. Maret, 7(1), 151–156. Retrieved from http://openjournal.unpam.ac.id/index.php/informatika

Nisa, K., Putra, M. A., Siregar, R. A., & Dedi Irawan, M. (2022). Analisis Website Tapanuli Tengah Menggunakan Metode Open Web Application Security Project Zap (Owasp Zap). Bulletin of Information Technology (BIT), 3(4), 308–216. https://doi.org/10.47065/bit.v3i4.389

Pendidikan, J., & Konseling, D. (2022). Analisis Keamanan Website Universitas Singaperbangsa Karawang Menggunakan Metode Vulnerability Assessment. Jurnal Pendidikan Dan Konseling, 4(4), 6298–6309.

Prasetyo Eka Putra, F. (2023). Sleep Mode: Strategi Efisiensi Wireless Sensor Network. Informatics for Educators And Professionals: Journal of Informatics, 8(1), 52–56.

Pratama, T. I. M., Songida, M. D. F., & Gunawan, I. (2022). Analisis Serangan dan Keamanan pada SQL Injection: Sebuah Review Sistematik. JIIFKOM (Jurnal Ilmiah Informatika Dan Komputer), 1(2), 27–32. https://doi.org/10.51901/jiifkom.v1i2.230

Putra, F. P. E., Fauzan, F., Syirofi, S., Mursidi, M., Wahid, D., & Nuraini, A. (2024). Sistem Pengendali Lingkungan Pertanian Dengan Wireless Sensor Network Untuk Mengoptimalkan Budidaya Hidroponik. Digital Transformation Technology, 3(2), 931–937. https://doi.org/10.47709/digitech.v3i2.3461

Riandhanu, I. O. (2022). Analisis Metode Open Web Application Security Project (OWASP) Menggunakan Penetration Testing pada Keamanan Website Absensi. Jurnal Informasi Dan Teknologi, 4(3), 160–165. https://doi.org/10.37034/jidt.v4i3.236

Sembiring, B. P., Sidiq, M. F., & Prabowo, W. A. (2024). Analisis Keamanan Sistem Informasi Menggunakan Metode Open Web Application Security Project (Owasp). 8(3), 3049–3054.

Studi, P., Informatika, T., Teknik, F., & Nusantara, U. D. (2024). SYSTEMATIC LITERATURE REVIEW: SERANGAN DEFACE. 14(2), 106–112.

Taryana, Y., & Heryana, N. (2023). Analisis Keamanan Website Bpjs Kesehatan Menggunakan Metode Vulnerability Asesement. Joutica, 8(1), 31–37. https://doi.org/10.30736/informatika.v8i1.951

Wibowo, D. S., Ardi Susanto, & Khibar Pusaka. (2022). Analisis dan Pengujian Celah Keamanan pada Website DIV Teknik Informatika Politeknik Harapan Bersama. JURNAL PILAR TEKNOLOGI Jurnal Ilmiah Ilmu Ilmu Teknik, 7(1), 1–10. https://doi.org/10.33319/piltek.v7i1.114

Willy Andrian, & Dedy Prasetya Kristiadi. (2022). Pengembangan Manajemen Keamanan Informasi Database Dan Aplikasi Dengan Optimasi Keamanan Website. Jurnal Sistem Informasi Dan Teknologi (SINTEK), 2(2), 63–68. https://doi.org/10.56995/sintek.v2i2.48

Zulfikri, A., Putra, F. P. E., Huda, M. A., Hasbullah, H., Mahendra, M., & Surur, M. (2023). Analisis Keamanan Jaringan Dari Serangan Malware Menggunakan Filtering Firewall Dengan Port Blocking. Digital Transformation Technology, 3(2), 857–863. https://doi.org/10.47709/digitech.v3i2.3379


Published

2024-07-22

How to Cite

Putra, F. P. E., Ubaidi, U., Hamzah, A., Pramadi, W. A., & Nuraini, A. (2024). Systematic Literature Review: Security Gap Detection On Websites Using Owasp Zap. Brilliance: Research of Artificial Intelligence, 4(1), 348–355. https://doi.org/10.47709/brilliance.v4i1.4227
