Vol. 5 No. 7 (2026): JUNE
Open Access
Peer Reviewed

SECURITY ANALYSIS OF SUPERAPPS HERITAGE USING OWASP AND ISSAF

Authors

Abdul Rozak Nurdiansyah, Setiadi Yazid

Published:

2026-05-26

Abstract

Pusaka Super Apps is an integrated digital platform owned by the Ministry of Religious Affairs of the Republic of Indonesia (Kemenag) that provides various religious services for millions of users. As reliance on government digital services grows, threats to information system security are becoming more complex. This study conducts a security assessment of the Pusaka Super Apps web application (https://pusaka-v3.kemenag.go.id) using two complementary frameworks: the OWASP Top 10 2025 and the Information Systems Security Assessment Framework (ISSAF). The research method is qualitative descriptive, with black-box and gray-box testing approaches that cover the stages of reconnaissance, scanning, enumeration, vulnerability assessment, and impact analysis. The study identified several vulnerabilities rated medium, including Content Security Policy Header Not Set, Missing Anti-clickjacking Header, and Missing Sub Resource Integrity Attribute. This study provides structured remediation recommendations and contributes to efforts to strengthen cybersecurity for government applications in Indonesia.

Keywords:

Cybersecurity; OWASP Top 10; ISSAF; Pusaka Super Apps; Ministry of Religion; Penetration Testing; Vulnerability Assessment

Author Biographies

Abdul Rozak Nurdiansyah, Universitas Indonesia

Author Origin: Indonesia

Setiadi Yazid, Universitas Indonesia

Author Origin: Indonesia

How to Cite

Nurdiansyah, A. R., & Yazid, S. (2026). SECURITY ANALYSIS OF SUPERAPPS HERITAGE USING OWASP AND ISSAF. International Journal of Social Science, Educational, Economics, Agriculture Research and Technology (IJSET), 5(7), 3637–3634. Retrieved from https://ijset.org/index.php/ijset/article/view/1957
