SECURITY VULNERABILITY ANALYSIS OF AN ELECTRONIC SERVICE CATALOG APPLICATION USING THE OWASP 2021 FRAMEWORK
DOI: https://doi.org/10.31539/td7rad70
Abstract
Ransomware attacks and data leaks in web-based applications are widespread today, as happened at Bank Syariah Indonesia and in e-commerce applications. This occurs because web-based applications are built without an adequate security system. The Electronic Service Catalog Application is a web-based application that provides electronic services to stakeholders. This web-based application security vulnerability analysis aims to find vulnerabilities in the Electronic Service Catalog Application using the OWASP (Open Web Application Security Project) 2021 framework before they are found by unauthorized parties. The vulnerability analysis found three vulnerabilities in the Electronic Service Catalog Application: broken access control, insecure design, and security misconfiguration. The researchers give technical recommendations to address these three vulnerabilities and strengthen the Electronic Service Catalog Application. This research is expected to make a tangible contribution to strengthening web-based applications.
Keywords: OWASP, Vulnerability, Application, Security
Ransomware attacks and data leaks in web-based applications are currently rampant, as has been the case with Indonesian Islamic banks and e-commerce applications. This occurs because web-based applications are built without adequate security systems. The Electronic Service Catalog Application is a web-based application designed to provide electronic services to stakeholders. This web-based application security vulnerability analysis study aims to identify vulnerabilities in the Electronic Service Catalog Application using the OWASP (Open Web Application Security Project) 2021 framework before they are discovered by unauthorized parties. The vulnerability analysis revealed three vulnerabilities in the Electronic Service Catalog Application: broken access control, insecure design, and security misconfiguration. The researchers provide technical recommendations to address these three vulnerabilities and strengthen the Electronic Service Catalog Application. This research is expected to make a significant contribution to strengthening web-based applications.
Keywords: OWASP, Vulnerability, Application, Security
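Two of the three OWASP Top 10:2021 categories the abstract names, broken access control (A01) and security misconfiguration (A05), are illustrated below in an added example that is not code from the paper or from the Electronic Service Catalog Application. The record store, the user and role names, and the header list are constructed assumptions; the point is the shape of the defect and of the fix: a lookup that trusts a client-supplied record id beside a deny-by-default lookup that checks ownership or role, and a small check that reports which hardening headers a response is missing.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    user_id: str
    role: str  # assumed roles: "staff" or "admin"


# Constructed sample data: catalog records, each owned by exactly one user.
DOCUMENTS = {
    "svc-101": {"owner": "u1", "title": "Permit renewal request"},
    "svc-102": {"owner": "u2", "title": "Business licence application"},
}


class AccessDenied(Exception):
    """Raised for both missing and forbidden records, so the
    response does not reveal which ids exist."""


def fetch_document_insecure(user: User, doc_id: str) -> dict:
    """Broken access control: the record is looked up by id alone,
    so any authenticated user can read any other user's record by
    changing the id in the request."""
    return DOCUMENTS[doc_id]


def fetch_document_secure(user: User, doc_id: str) -> dict:
    """Hardened version: deny by default, then allow only the owner
    or an admin. The authorization decision is made on the server
    from the session's identity, never from client-supplied data."""
    doc = DOCUMENTS.get(doc_id)
    if doc is None:
        raise AccessDenied(doc_id)
    if user.role == "admin" or doc["owner"] == user.user_id:
        return doc
    raise AccessDenied(doc_id)


# Assumed baseline of response headers a hardened deployment sets.
REQUIRED_HEADERS = (
    "Strict-Transport-Security",
    "X-Content-Type-Options",
    "Content-Security-Policy",
    "X-Frame-Options",
)


def missing_security_headers(headers: dict) -> list:
    """Security misconfiguration check: return the baseline headers
    absent from a response, compared case-insensitively as HTTP
    header names are."""
    present = {name.lower() for name in headers}
    return sorted(h for h in REQUIRED_HEADERS if h.lower() not in present)


if __name__ == "__main__":
    staff = User("u2", "staff")
    # Insecure lookup hands u2 a record owned by u1.
    print(fetch_document_insecure(staff, "svc-101")["owner"])
    try:
        fetch_document_secure(staff, "svc-101")
    except AccessDenied:
        print("secure lookup denied cross-user read")
    # Constructed response with only a content type set.
    print(missing_security_headers({"Content-Type": "text/html"}))
```

Running the block prints the owner `u1` from the insecure path, the denial from the secure path, and the four missing headers for the constructed response. In a real review the secure lookup would sit behind every record-returning route, and the header check would be run against live responses from each environment rather than against a constructed dictionary.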
License
Copyright (c) 2026 Winda Mayasari, Edi Sukirman, Hustinawaty Hustinawaty

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

