Security Vulnerability Analysis of the Sharia Crowdfunding Website Using OWASP-ZAP

Abstract

Indonesia is a country with fairly high market development in Financial Technology (FinTech) Services in the Asia Pacific region. The innovative benefit of FinTech is sharia crowdfunding. Data and information security are important for a company or organization. The problem faced by the use of websites in various fields, especially on the sharia crowdfunding website, is the security of information concerning data from an organization. This study aims to analyze the security vulnerabilities of the sharia crowdfunding website with the Open Web Application Security Project (OWASP) approach using the Zed Attack Proxy (ZAP) tool. OWASP is an open-source framework for improving the security of application software on websites. The results of this study determine the level of vulnerability in the Sharia Crowdfunding Website. This test is carried out to find vulnerabilities and risks on a crowdfunding website and provide recommendations for improving security on the website. The top 10 Security Vulnerabilities based on OWASP consist of 4 high levels, 5 medium levels, 14 low levels, and 9 information levels including Broken Access Control, Injection, Insecure Design, Security Misconfiguration, Vulnerable and Outdated Components, and Software and Data Integrity Failures.