Analisis Kerentanan pada Website Sistem Pelayanan Dinas XYZ Kabupaten Bengkalis Menggunakan Vulnerability Assessment dan Penetration Testing

With the increasing use of web-based information systems in public services, system security has become a crucial aspect that requires attention. This study aims to analyze vulnerabilities in the service system website of the XYZ Department in Bengkalis Regency using the Vulnerability Assessment and Penetration Testing (VAPT) method, which includes identification, testing, and mitigation of detected vulnerabilities. Scanning was conducted using OWASP ZAP and Nikto, followed by penetration testing with the Black Box Testing method. The initial scanning results identified several vulnerabilities, such as SQL Injection, Content Security Policy (CSP) Header Not Set, and the use of vulnerable JavaScript libraries. After mitigation measures were applied, a follow-up scan showed that some vulnerabilities had been successfully addressed, while others required further improvement. This study provides recommendations to enhance website security, minimize data breach risks, and protect public information.