Security Analysis of the Global Academic Information System Website Using OWASP ZAP and a Local AI Model

Authors

  • Asep Rio Saputra, Informatics Engineering Study Program, Institut Teknologi dan Bisnis Bina Sarana Global
  • Bayu Irfan Aditya, Informatics Engineering Study Program, Institut Teknologi dan Bisnis Bina Sarana Global
  • Nova Teguh Sunggono, Informatics Engineering Study Program, Institut Teknologi dan Bisnis Bina Sarana Global
  • M. Bucci Ryando, Informatics Engineering Study Program, Institut Teknologi dan Bisnis Bina Sarana Global

DOI:

https://doi.org/10.35746/jtim.v7i3.759

Keywords:

OWASP ZAP, Website Security, Local Artificial Intelligence, Mistral, Ollama

Abstract

Academic websites serve as central platforms for managing higher education services, including academic records, financial data, and institutional communication. However, such systems are increasingly vulnerable to cyberattacks due to their internet exposure and insufficient protection against security flaws. This study proposes an integrated solution that combines automated scanning with OWASP ZAP and a local artificial intelligence model (Mistral) executed via the Ollama platform. The entire process is automated using Python scripting, covering stages such as spidering, active scanning, JSON result extraction, and AI-based mitigation recommendation generation. The research was conducted on the Global Academic Information System website. The scan results revealed a total of 193 vulnerabilities, including 4 high, 8 medium, 111 low, and 70 informational risks. Each vulnerability was analyzed using the local AI model to produce specific technical recommendations, such as adding security headers, implementing CSRF tokens, and configuring secure cookies. All outputs were automatically compiled into a structured Excel report suitable for developers. This approach proves effective in streamlining the security audit process, reducing manual workload, and preserving data privacy, as all operations are conducted locally without reliance on cloud services. The study demonstrates that integrating OWASP methods with local AI provides a practical, adaptive, and standalone solution for web application security testing.
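The JSON-extraction and recommendation stages named in the abstract can be sketched as follows. This is an added example, not the authors' script: it assumes ZAP's JSON report layout (`site` → `alerts` → `instances`) and the request body of Ollama's local `/api/generate` endpoint, and the function names, hostnames and sample alerts are constructed for illustration.

```python
import json
from collections import Counter

RISK = {3: "High", 2: "Medium", 1: "Low", 0: "Informational"}

# Constructed sample shaped like a ZAP JSON report; not data from the study.
SAMPLE_REPORT = json.dumps({"site": [{"@name": "https://app.example.test", "alerts": [
    {"alert": "Cookie No HttpOnly Flag", "riskcode": "1",
     "instances": [{"uri": "https://app.example.test/login", "evidence": "Set-Cookie: sid"}]},
    {"alert": "Absence of Anti-CSRF Tokens", "riskcode": "2",
     "instances": [{"uri": "https://app.example.test/login", "evidence": "<form>"},
                   {"uri": "https://app.example.test/pay", "evidence": "=1+1"}]},
    {"alert": "Content Security Policy (CSP) Header Not Set", "riskcode": "2",
     "instances": [{"uri": "https://app.example.test/", "evidence": ""}]},
]}]})

def extract_alerts(report_text):
    """Flatten site[].alerts[] to one row per alert, highest risk first."""
    rows = []
    for site in json.loads(report_text).get("site", []):
        for alert in site.get("alerts", []):
            inst = alert.get("instances", [])
            rows.append({
                "name": alert.get("alert") or alert.get("name", ""),
                "riskcode": int(alert.get("riskcode", 0)),
                "urls": sorted({i.get("uri", "") for i in inst}),
                "evidence": [i.get("evidence", "") for i in inst],
            })
    return sorted(rows, key=lambda r: (-r["riskcode"], r["name"]))

def risk_summary(rows):
    """Count alerts per risk level."""
    counts = Counter(RISK.get(r["riskcode"], "Unknown") for r in rows)
    return {name: counts.get(name, 0) for name in RISK.values()}

def build_ollama_request(row, model="mistral"):
    """JSON body for POST /api/generate on a local Ollama server (not sent here).
    Only the alert name, risk and URLs go in the prompt: raw evidence is
    page-controlled text and is kept out of the model input."""
    prompt = (f"Alert: {row['name']}\nRisk: {RISK.get(row['riskcode'], 'Unknown')}\n"
              f"Affected URLs: {', '.join(row['urls'][:5])}\n"
              "Give a concise remediation for the developers.")
    return {"model": model, "prompt": prompt, "stream": False}

def excel_safe(value):
    """Prefix cells that a spreadsheet would evaluate as a formula."""
    text = str(value)
    return "'" + text if text[:1] in ("=", "+", "-", "@") else text
```

Passing every scanner-derived string through `excel_safe` before it is written to the report keeps evidence captured from the scanned site from being evaluated as a formula when a developer opens the spreadsheet.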



Published

2025-07-05

Section

Articles

How to Cite

[1]
A. R. Saputra, B. I. Aditya, N. T. Sunggono, and M. B. Ryando, “Analisis Keamanan Website Global Academic Information System menggunakan OWASP ZAP dan Model AI Lokal”, jtim, vol. 7, no. 3, pp. 490–503, Jul. 2025, doi: 10.35746/jtim.v7i3.759.