Vulnerability Scanning of the RPH Surabaya Website Based on the OWASP Top 10
Keywords:
Vulnerability Scanning, OWASP Top 10 2021, Website Security
Abstract
This study aims to identify security vulnerabilities on the official website of Rumah Potong Hewan (RPH) Surabaya using the OWASP Top 10 2021 standard and to provide recommendations for improving website security. The research method applies a vulnerability assessment approach through three main stages: planning, information gathering, and vulnerability scanning. Information gathering was carried out using Nslookup, Whois, Nmap, Dirsearch, and Wappalyzer to obtain data on IP addresses, domain information, open ports, accessible directories, and the web technologies in use. Vulnerability scanning was conducted using OWASP ZAP in both its Manual Explore and Automated Scan modes. The results show that a total of 33 security alerts were identified, comprising 1 high-risk, 11 medium-risk, 11 low-risk, and 10 informational alerts. Of these findings, 22 alerts (67%) fall into the OWASP Top 10 2021 categories, with the most dominant category being A05:2021 – Security Misconfiguration at 45.5%. Other identified categories include A06:2021 – Vulnerable and Outdated Components, A01:2021 – Broken Access Control, A02:2021 – Cryptographic Failures, and A03:2021 – Injection. These findings indicate that the website still has significant weaknesses in security configuration, access control mechanisms, cryptographic implementation, and input validation. It can therefore be concluded that the RPH Surabaya website requires comprehensive security improvements, particularly in server configuration, component updates, access control enforcement, encryption mechanisms, and input validation, in order to minimize the risk of cyberattacks on public service websites.
