WEB SECURITY ANALYSIS AND TESTING USING OWASP ZAP PENETRATION TESTING CASE STUDY OF WIDYA DHARMA UNIVERSITY WEBSITE PONTIANAK
Abstract
As web technology advances rapidly, threats to web applications such as hacking, data leaks, and exploitation of web application vulnerabilities are becoming increasingly complex and diverse. Unaddressed security vulnerabilities may result in critical information disclosure, unauthorized data manipulation, and disruption to system operations. This study employs penetration testing with the latest OWASP ZAP version 2.17.0 as the primary security testing tool to perform a systematic vulnerability assessment of the official website of Universitas Widya Dharma Pontianak, with the OWASP Top 10 2025 framework used as the benchmark for vulnerability classification and categorization. The study aims to identify undetected security vulnerabilities on the website, which can open up opportunities for attackers to attack the university's official website, as well as to improve the security of the university website. The results show that there are 17 security vulnerabilities, comprising one high category vulnerability, six medium category vulnerabilities, six low category vulnerabilities, and four informational category vulnerabilities. The most frequently identified vulnerability category was A02 Security Misconfiguration. This study concludes that the OWASP ZAP tool is effective in identifying previously undetected security vulnerabilities, while the OWASP Top 10 2025 framework makes it easier to categorize the security vulnerabilities found on the website.
Copyright (c) 2026 AKSELERASI: Jurnal Ilmiah Nasional

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.



