Security Assessment of E-Commerce Website Using NIST SP 800-115 Based on OWASP Top 10


Authors

  • Arif Setyo Wibowo Universitas Pembangunan Nasional "Veteran" Jawa Timur, Surabaya, Indonesia
  • Henni Endah Wahanani Universitas Pembangunan Nasional "Veteran" Jawa Timur, Surabaya, Indonesia
  • Andreas Nugroho Sihananto Universitas Pembangunan Nasional "Veteran" Jawa Timur, Surabaya, Indonesia

DOI:

https://doi.org/10.47065/bulletincsr.v6i4.1186

Keywords:

OWASP TOP 10 2021; E-Commerce; Penetration Testing; NIST SP 800-115; Security Testing

Abstract

The rapid growth of e-commerce platforms in Indonesia has increased the risk of cyber threats targeting sensitive user data, including personal information and payment details. PT. XYZ, a mattress company that recently launched its first e-commerce website, has attracted 42,222 visitors and generated revenue of Rp994,878,300 within its first six months, yet has never undergone any form of security testing. This raises serious concerns, as undetected vulnerabilities may expose the platform to identity theft, data breaches, and unauthorized access. This study aims to identify existing security vulnerabilities, determine the severity level of each finding, and provide concrete remediation recommendations before those vulnerabilities are exploited. The assessment was conducted using the NIST SP 800-115 framework across four phases: Planning, Discovery, Attack, and Reporting, with vulnerability classification based on OWASP Top 10 (2021). The Discovery phase utilized Google Dorking, WHOIS, wfuzz, Wappalyzer, Nmap, Burp Suite, and OWASP ZAP to gather intelligence and identify weaknesses. The Attack phase successfully exploited six confirmed vulnerabilities: Clickjacking, CSP Header Not Set, Vulnerable JS Library, Cross-Domain Misconfiguration, Source Code Disclosure, and Username Enumeration and Brute Force, mapped to OWASP categories A05, A06, and A07, with risk levels ranging from Medium to High. This research contributes by demonstrating that newly deployed platforms are not inherently secure and that integrating NIST SP 800-115 with OWASP Top 10 provides a structured approach to identifying real security vulnerabilities in e-commerce systems.

Downloads

Download data is not yet available.

References

Munir Azhari and Breda Kustanto, “Penerapan E-Commerce Dalam Meningkatkan Daya Saing Ekonomi Di Era Teknologi Informasi,” Aliansi?: Jurnal Manajemen dan Bisnis, vol. 19, no. 2, pp. 193–210, Dec. 2024, doi: https://doi.org/10.46975/ka212950.

D. I. Maharani, “Pages 201-210 Perekonomian di Era Transformasi Digital,” Jurnal Simki Economic, vol. 7, no. 1, pp. 201–210, Jan. 2024, doi: https://doi.org/10.29407/jse.v7i1.493.

Nouvan, “Jumlah Serangan Siber di Indonesia Naik, Tembus 610 Juta pada 2024,” Dataloka. Accessed: Jun. 29, 2026. [Online]. Available: https://dataloka.id/politik/4259/jumlah-serangan-siber-di-indonesia-naik-tembus-610-juta-pada-2024/

Nia Ramadhani and Muhammad Irwan Padli Nasution, “Tantangan Dan Solusi Keamanan Siber Dalam Transaksi E-Commerce,” JURNAL PENELITIAN SISTEM INFORMASI (JPSI), vol. 2, no. 2, pp. 134–144, May 2024, doi: https://doi.org/10.54066/jpsi.v2i2.1930.

OWASP (Open Worldwide Application Security Project), “A01 Broken Access Control - OWASP Top 10:2021,” OWASP.

R. Ernitasari, S. Ramdhani, and M. Gowon, “Keamanan E-Commerce: Cara Menjaga Data Pribadi Tetap Aman,” JURNAL SIBER MULTI DISIPLIN, no. 3, pp. 213–223, Dec. 2025, doi: https://doi.org/10.38035/jsmd.v3i3.

K. Scarfone, M. Souppaya, A. Cody, and A. Orebaugh, “Technical Guide to Information Security Testing and Assessment ,” NIST Special Publication (SP) 800-115, Sep. 2008, doi: https://doi.org/10.6028/NIST.SP.800-115.

H. Jati Setyadi and M. Rivani Ibrahim, “Penetration Testing Website E-Journals Metode NIST SP 800-115 dan OWASP,” METIK JURNAL, vol. 9, no. 1, pp. 72–81, Jun. 2025, doi: https://doi.org/10.47002/metik.v9i1.1030.

R. Al Ridwan Bintang Firdaus and T. Ismardiko Widyawan, “Pengujian Kerentanan Website Menggunakan Metode Penetration Testing Dengan OWASP (Studi Kasus?: Pemerintah Kabupaten Semarang),” CyberSecurity dan Forensik Digital, vol. 8, no. 2, pp. 106–115, Dec. 2025, doi: https://doi.org/10.14421/csecurity.2025.8.2.5372.

M. Yuwan, S. Nacikit, M. Rahman, and A. E. Wardoyo, “Analisis Keamanan Aplikasi Berbasis Web Menggunakan Metode Penetration Testing (Studi kasus: E-Commerce As-Sakinah Mart),” Informatics for Educators And Professionals?: Journal of Informatics, vol. 10, no. 1, pp. 25–33, Apr. 2025, doi: https://doi.org/10.51211/itbi.v10i1.3324.

M. Fierza and E. Erlangga, “Analisa Celah Keamanan Dalam Pengembangan Website E-Commerce (Studi Kasus: Mataharimu.Com),” Jurnal Ilmiah Computing Insight, vol. 3, no. 2, p. 20, Aug. 2022, doi: https://doi.org/10.30651/comp_insight.v3i2.14535.

A. R. Supriyatna, I. Asrowardi, S. D. Putra, and E. Subyantoro, “Analisis Kerentanan Aplikasi Web E-commerce Berdasarkan Standar OWASP Top 10: Studi Kasus pada Situs Kopi Lampung Nusantara,” EXPERT: Jurnal Manajemen Sistem Informasi dan Teknologi, vol. 14, no. 2, p. 95, Dec. 2024, doi: https://doi.org/10.36448/expert.v14i2.4034.

M. Fahrul Reza and I. Sutanto, “Penerapan Pentesting pada EasyCart untuk Menghadapi Ancaman Keamanan Siber,” IKRAITH-INFORMATIKA, vol. 10, no. 1, pp. 96–105, Nov. 2025, doi: https://doi.org/10.37817/ikraith-informatika.v9i3.

H. Herman, I. Riadi, Y. Kurniawan, and I. A. Rafiq, “Analisis Keamanan Website Menggunakan Information System Security Asessment Framework(ISSAF),” Jurnal Teknologi Informatika dan Komputer, vol. 9, no. 1, pp. 126–136, Mar. 2023, doi: https://doi.org/10.37012/jtik.v9i1.1439.

F. T. Vierino, H. E. Wahanani, and A. Junaidi, “Evaluating Web Application Security Using OWASP Top 10 and NIST SP 800-115,” bit-Tech, vol. 8, no. 3, pp. 3754–3764, Apr. 2026, doi: https://doi.org/10.32877/bt.v8i3.3702.

Ilham Akbar, Khairunnisak Nur Isnaini, and Banu Dwi Putranto, “Penetration Testing Through NIST SP 800-115 and OWASP TOP 10 With Risk Analysis Using CVSS on the XY Diskominfo Website,” Journal of Innovation Information Technology and Application (JINITA), vol. 7, no. 2, pp. 314–326, Dec. 2025, doi: https://doi.org/10.35970/jinita.v7i2.2907.

E. Z. Darojat, E. Sediyono, and I. Sembiring, “Vulnerability Assessment Website E-Government dengan NIST SP 800-115 dan OWASP Menggunakan Web Vulnerability Scanner,” JURNAL SISTEM INFORMASI BISNIS, vol. 12, no. 1, pp. 36–44, Sep. 2022, doi: https://doi.org/10.21456/vol12iss1pp36-44.

D. Rohmaniah, W. Miftahul Ashari, and A. Dwi Putra, “Enhancing Website Security Using Vulnerability Assessment and Penetration Testing (VAPT) Based on OWASP Top Ten,” Journal of Applied Informatics and Computing (JAIC), vol. 9, no. 2, pp. 404–411, Mar. 2025, doi: https://doi.org/10.30871/jaic.v9i2.9069.

A. Agustinus and I. Sembiring, “Website Vulnerability Testing Using The Penetration Testing Method Referring To Nist Sp 800 – 155 (Case Study (Astonprinter.com Domain)),” Jurnal Teknik Informatika (Jutif), vol. 5, no. 6, pp. 1651–1662, Dec. 2024, doi: https://doi.org/10.52436/1.jutif.2024.5.6.3859.

M. Bunan Imtias, K. Umam, H. Mustofa, and M. Hadi Subowo, “Comparative Analysis of Penetration Testing Frameworks: OWASP, PTES, and NIST SP 800-115 for Detecting Web Application Vulnerabilities,” Journal of Applied Informatics and Computing (JAIC), vol. 9, no. 6, p. 3689, Dec. 2025, doi: https://doi.org/10.30871/jaic.v9i6.9846.


Bila bermanfaat silahkan share artikel ini

Berikan Komentar Anda terhadap artikel Security Assessment of E-Commerce Website Using NIST SP 800-115 Based on OWASP Top 10

Dimensions Badge

ARTICLE HISTORY

Published: 2026-06-30

Abstract View: 25 times
PDF Download: 3 times

How to Cite

Wibowo, A. S., Wahanani, H. E., & Sihananto, A. N. (2026). Security Assessment of E-Commerce Website Using NIST SP 800-115 Based on OWASP Top 10. Bulletin of Computer Science Research, 6(4), 1593-1602. https://doi.org/10.47065/bulletincsr.v6i4.1186

Issue

Section

Articles

Most read articles by the same author(s)