RENOVACTION WEBSITE VULNERABILITY ANALYSIS USING A SERIES OF PROJECT SECURITY TOOLS BASED ON THE OWASP FRAMEWORK
Main Article Content
Abstract
The purpose of this research is to analyze website vulnerabilities to avoid cyber attacks, especially on cross site scripting &sql injection types by applying OWASP Top 10 2017 rules to find security gaps by performing automated scans using ajax spiders after which active scans and manual scans use fuzzer to perform more specific exposures to cross-site scripting (XSS) and SQL injection types. After testing the web RenovAction vulnerabilities found Cross-Domain Misconfiguration, Secure Pages Include Mixed Content,
X-Frame-Options Header Not Set, Absence of Anti-CSRF Tokens, Cookie No HttpOnly Flag,
Cross-Domain JavaScript Source File Inclusion, Incomplete or No Cache-control Header Set, X-Content-Type-Options Header Missing, Charset Mismatch, dan Information Disclosure - Suspicious Comments, Timestamp Disclosure – Unix., in addition to getting vulnerabilities in the RenovAction web, the author also provided a solution to overcome vulnerabilities in the RenovAction web based on the Zed Attack Proxy (ZAP) tool.