Security Vulnerability Analysis of the Sharia Crowdfunding Website Using OWASP-ZAP
Nurbojatmiko, Aris Lathifah, Faaza Bil Amri, A. Rosidah
2022 10th International Conference on Cyber and IT Service Management (CITSM), published 2022-09-20
DOI: https://doi.org/10.1109/CITSM56380.2022.9935837
Citations: 1
Abstract
Indonesia is a country with fairly high market development in Financial Technology (FinTech) services in the Asia Pacific region. The innovative benefit of FinTech is sharia crowdfunding. Data and information security are important for a company or organization. The problem faced when websites are used in various fields, especially on the sharia crowdfunding website, is the security of information concerning an organization's data. This study aims to analyze the security vulnerabilities of the sharia crowdfunding website with the Open Web Application Security Project (OWASP) approach using the Zed Attack Proxy (ZAP) tool. OWASP is an open-source framework for improving the security of application software on websites. The results of this study determine the level of vulnerability in the sharia crowdfunding website. The test is carried out to find vulnerabilities and risks on a crowdfunding website and to provide recommendations for improving security on the website. The top 10 security vulnerabilities based on OWASP consist of 4 at the high level, 5 at the medium level, 14 at the low level, and 9 at the information level, including Broken Access Control, Injection, Insecure Design, Security Misconfiguration, Vulnerable and Outdated Components, and Software and Data Integrity Failures.