SECURITY ANALYSIS OF A WEB-BASED ACADEMIC INFORMATION SYSTEM AT XYZ UNIVERSITY USING VULNERABILITY ASSESSMENT TECHNIQUES

Authors

Imun Faizal, Khairunnisak Nur Isnaini, Mohammad Imron

DOI:

10.54443/morfai.v5i2.3791

Published:

2025-08-09

Abstract

This study aims to evaluate the security of a web-based academic information system at XYZ University using vulnerability assessment techniques. The system plays a vital role in supporting academic and administrative processes but stores sensitive data that makes it vulnerable to cyber threats. The research method consists of four main stages: defining the assessment scope, conducting vulnerability scanning using OWASP ZAP, analyzing the identified vulnerabilities based on type and severity using the OWASP Top Ten standard, and reporting the findings along with mitigation recommendations. The scanning results revealed 14 types of vulnerabilities, including the absence of anti-CSRF tokens, misconfigured security headers, and the use of outdated or vulnerable JavaScript libraries. Although no critical vulnerabilities were found, the identified issues still pose significant risks if left unaddressed. This study highlights the importance of regular security audits and the implementation of standardized web security practices. The proposed mitigation strategies are expected to enhance the overall cybersecurity posture of academic information systems and serve as a reference for developing more robust information security policies in higher education institutions.

Keywords:

cybersecurity, vulnerability assessment, academic information system, OWASP ZAP, web application security

Author Biographies

Imun Faizal, Amikom Purwokerto University

Author Origin: Indonesia

Khairunnisak Nur Isnaini, Amikom Purwokerto University

Author Origin: Indonesia

Mohammad Imron, Amikom Purwokerto University

Author Origin: Indonesia

How to Cite

Faizal, I., Nur Isnaini, K., & Imron, M. (2025). SECURITY ANALYSIS OF A WEB-BASED ACADEMIC INFORMATION SYSTEM AT XYZ UNIVERSITY USING VULNERABILITY ASSESSMENT TECHNIQUES. Multidiciplinary Output Research For Actual and International Issue (MORFAI), 5(2), 3815–3821. https://doi.org/10.54443/morfai.v5i2.3791
