Vulnerability Assessment Strategy Using OWASP ZAP to Support Digital Transformation in Education

Authors

  • Muhammad Hafied Hermawan STKIP PGRI Situbondo
  • Firman Jaya STKIP PGRI Situbondo
  • Rahmat Shofan Razaqi STKIP PGRI Situbondo

DOI:

https://doi.org/10.33050/tmj.v11i1.2645

Keywords:

OWASP ZAP, Digital Transformation, Security, Configuration, Data Protection

Abstract

School websites function as public educational service platforms that must ensure the confidentiality, integrity, and availability of information. This study evaluates the security of the SMK Negeri 2 Situbondo website using OWASP ZAP as a Dynamic Application Security Testing tool within the public-access scope. The novelty of this research lies in the cross-comparison of three school websites within the same region, the mapping of findings to OWASP A05 Security Misconfiguration, and the integration of the results with educational digital transformation governance, data protection policies, and Sustainable Development Goals. The scanning results of the primary website identified 26 alert types, consisting of 0 High, 12 Medium, 7 Low, and 7 Informational findings. The dominant vulnerabilities were related to weaknesses in Content Security Policy, HTTP security header configuration, cookie controls, and third-party resource governance. The comparison websites exhibited similar vulnerability patterns, although with different quantities and severity levels. Priority recommendations include hardening Content Security Policy, HSTS, anti-clickjacking mechanisms, X-Content-Type-Options, cookie attributes, anti-CSRF tokens, and Subresource Integrity implementation. These findings provide an operational baseline for school administrators to strengthen the security of digital education services gradually and systematically.
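The header, cookie, and Subresource Integrity recommendations listed in the abstract can be checked passively against a single HTTP response. The sketch below is an added example, not code or data from the study; the function name `audit_response`, the finding strings, and the sample response are assumptions made for illustration, and anti-CSRF tokens are out of its scope.

```python
import re
from urllib.parse import urlparse

def audit_response(url, headers, html):
    # headers: list of (name, value) pairs so repeated Set-Cookie lines survive.
    h = {}
    for name, value in headers:
        h.setdefault(name.lower(), []).append(value)
    findings = []
    csp = "; ".join(h.get("content-security-policy", []))
    if not csp:
        findings.append("CSP header not set")
    elif "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
        findings.append("CSP allows unsafe-inline/unsafe-eval")
    if url.startswith("https://") and "strict-transport-security" not in h:
        findings.append("HSTS header not set")
    # Anti-clickjacking: either X-Frame-Options or CSP frame-ancestors.
    if "x-frame-options" not in h and "frame-ancestors" not in csp:
        findings.append("No anti-clickjacking control")
    xcto = [v.strip().lower() for v in h.get("x-content-type-options", [])]
    if "nosniff" not in xcto:
        findings.append("X-Content-Type-Options: nosniff missing")
    for cookie in h.get("set-cookie", []):
        name = cookie.split("=", 1)[0].strip()
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        for flag in ("secure", "httponly"):
            if flag not in attrs:
                findings.append(f"Cookie {name} lacks {flag}")
        if not any(a.startswith("samesite=") for a in attrs):
            findings.append(f"Cookie {name} lacks samesite")
    # SRI: a <script src> on another host with no integrity attribute.
    host = urlparse(url).hostname
    for tag in re.findall(r"<script\b[^>]*\bsrc=[^>]*>", html, re.I):
        src = re.search(r"""\bsrc=["']([^"']+)""", tag, re.I)
        src_host = urlparse(src.group(1)).hostname if src else None
        if src_host and src_host != host and "integrity=" not in tag.lower():
            findings.append(f"No SRI on script from {src_host}")
    return findings

# Constructed sample response (not data from the study).
SAMPLE_URL = "https://school.example/"
SAMPLE_HEADERS = [
    ("X-Frame-Options", "SAMEORIGIN"),
    ("Set-Cookie", "PHPSESSID=abc123; path=/; HttpOnly"),
]
SAMPLE_HTML = '<script src="https://cdn.example.net/lib.js"></script>'
if __name__ == "__main__":
    for finding in audit_response(SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_HTML):
        print(finding)
```

An empty result means every checked control is present in that one response; it does not replace a full OWASP ZAP scan of the site.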

Author Biographies

  • Muhammad Hafied Hermawan, STKIP PGRI Situbondo

    Department of Information Technology Education

  • Firman Jaya, STKIP PGRI Situbondo

    Department of Information Technology Education

  • Rahmat Shofan Razaqi, STKIP PGRI Situbondo

    Department of Information Technology Education

Published

2026-06-24

Section

Articles

How to Cite

Vulnerability Assessment Strategy Using OWASP ZAP to Support Digital Transformation in Education. (2026). Technomedia Journal, 11(1), 12-22. https://doi.org/10.33050/tmj.v11i1.2645