Comparison of Vulnerability Evaluation Using Tenable Nessus Scanner and OWASP Zed Attack Proxy to Improve the Security of the Human Resource Information System at Universitas Merdeka Malang

Rizca Wenny, Fandi Yulian Pamuji

Abstract


This study aims to compare vulnerability analysis with Tenable Nessus Scanner and OWASP Zed Attack Proxy (ZAP) in order to improve the security of the Human Resource Information System (HRIS) website at Universitas Merdeka Malang. The research methodology uses both Nessus and OWASP ZAP to scan the HRIS website for potential vulnerabilities. The findings indicate that OWASP ZAP identified several critical web application vulnerabilities, such as the absence of Anti-CSRF tokens, the lack of Content Security Policy (CSP) headers, and missing Anti-Clickjacking headers, all protections that are essential for maintaining the security and integrity of user data. Nessus Scanner, on the other hand, focused more on network and server infrastructure vulnerabilities. The results suggest that OWASP ZAP is more effective for web application security in this context. Recommendations are provided to address the identified vulnerabilities and enhance the overall security of the HRIS website.


Keywords


vulnerability analysis, web security, Tenable Nessus, OWASP ZAP, HRIS.

DOI: http://dx.doi.org/10.33087/jiubj.v24i3.5488

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

JOURNAL ADDRESS

JURNAL ILMIAH UNIVERSITAS BATANGHARI JAMBI (JIUBJ)
Published by Lembaga Penelitian dan Pengabdian kepada Masyarakat
Address: Jl. Slamet Ryadi, Broni-Jambi, Kec. Telanaipura, Kodepos: 36122, email: jiubj.unbari@gmail.com, Phone: 0741-670700