Alkatiri, Abdullah (2024) ANALISIS CELAH KEAMANAN DAN MONITORING WEBSITE MENGGUNAKAN OWASP ZED ATTACK PROXY (ZAP) & WAZUH (STUDI KASUS: WEBSITE DUKCAPIL KAB.NGANJUK). Undergraduate thesis, Universitas Muhammadiyah Malang.
Abstract
Dukcapil Nganjuk Regency manages sensitive population data, so it is important to protect its website against ever-evolving cyber threats. This study aims to analyze security gaps and monitor suspicious activity on the Dukcapil Nganjuk Regency website, which is potentially vulnerable to attacks such as SQL Injection, Cross-Site Scripting (XSS), etc. In this study, OWASP Zed Attack Proxy (ZAP) was used for penetration testing to detect security gaps, while Wazuh was used to monitor website activity in real time. Testing with OWASP ZAP found 29 security vulnerabilities, comprising 4 high-risk, 5 medium-risk, 10 low-risk, and 10 informational. Of the 29 vulnerabilities found, 4 attack attempts were carried out, namely XSS, SQL Injection, Clickjacking and Distributed Denial of Service (DDoS). Three of these attacks succeeded, namely XSS, Clickjacking and DDoS, with a medium vulnerability level calculated using the Common Vulnerability Scoring System (CVSS). Wazuh monitoring detected repeated attacks with a large number of POST requests that could degrade website performance. This study recommends mitigations such as stricter input validation and security header settings to improve protection. The use of OWASP ZAP and Wazuh shows an increase in the ability to detect and monitor security threats on websites that manage sensitive data, such as the Dukcapil website of Nganjuk Regency.
Item Type: | Thesis (Undergraduate) |
---|---|
Student ID: | 202010370311192 |
Keywords: | OWASP ZAP, Wazuh, Website Security, Penetration Testing, CVSS, Dukcapil Nganjuk Regency |
Subjects: | Q Science > Q Science (General) |
Divisions: | Faculty of Engineering > Department of Informatics (55201) |
Depositing User: | 202010370311192 abdullahalkatiri61 |
Date Deposited: | 17 Dec 2024 09:49 |
Last Modified: | 17 Dec 2024 09:49 |
URI: | https://eprints.umm.ac.id/id/eprint/13016 |