International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 187 - Issue 22
Published: July 2025
Authors: Muhammad Arif Putra Wibowo, Imam Riadi
Muhammad Arif Putra Wibowo, Imam Riadi. Analysis and Enhancement of Website Security using Anti-CSRF Token, CSP, and Anti-Clickjacking Approaches. International Journal of Computer Applications. 187, 22 (July 2025), 31-38. DOI=10.5120/ijca2025925362
@article{ 10.5120/ijca2025925362, author = { Muhammad Arif Putra Wibowo, Imam Riadi }, title = { Analysis and Enhancement of Website Security using Anti-CSRF Token, CSP, and Anti-Clickjacking Approaches }, journal = { International Journal of Computer Applications }, year = { 2025 }, volume = { 187 }, number = { 22 }, pages = { 31-38 }, doi = { 10.5120/ijca2025925362 }, publisher = { Foundation of Computer Science (FCS), NY, USA } }
%0 Journal Article %D 2025 %A Muhammad Arif Putra Wibowo %A Imam Riadi %T Analysis and Enhancement of Website Security using Anti-CSRF Token, CSP, and Anti-Clickjacking Approaches %J International Journal of Computer Applications %V 187 %N 22 %P 31-38 %R 10.5120/ijca2025925362 %I Foundation of Computer Science (FCS), NY, USA
Information security is a crucial concern for any organization, private or governmental; the website lekamandiri.web.id is a case in point. PT Leka Mandiri, a private company, uses this web application to manage financial data, including sensitive client information. This research identified and addressed security weaknesses in lekamandiri.web.id relating to Cross-Site Request Forgery (CSRF), clickjacking and the absence of a Content Security Policy (CSP) header. Because of these weaknesses, a security evaluation was needed to provide appropriate mitigation and improvements for the site. The study applied a penetration testing methodology to find and exploit the existing security gaps in the PT Leka Mandiri Cikarang website, in six phases: information gathering, planning analysis, vulnerability detection, penetration testing, maintenance (patching) and reporting. Tools used included OWASP ZAP for vulnerability scanning, Nmap and Whois for information gathering, Burp Suite for exploitation testing and Visual Studio Code for patching. The results showed that the website had several vulnerabilities of varying risk levels; initial testing indicated exposure to CSRF, clickjacking and a missing CSP. After remediation, all three issues were mitigated by implementing anti-CSRF tokens, configuring a CSP header and adding anti-clickjacking headers. Retesting produced an improved security score, indicating that the implemented measures were effective in raising the website's security level.
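The three mitigations named in the abstract (a per-session anti-CSRF token, a CSP header and anti-clickjacking headers) in one minimal server-side handler. This is an added example written for this page, not code from the paper or from lekamandiri.web.id, whose technology stack the page does not describe; the `/transfer` route, the session identifier, the form fields, the allowed origin and the server secret are all constructed for illustration. Going one step beyond the abstract, it also rejects cross-origin POSTs on the `Origin` header as defence in depth.

```python
import hashlib
import hmac
import secrets

# Constructed for this example; a real deployment loads the secret from configuration.
SERVER_SECRET = secrets.token_bytes(32)

# Origins allowed to submit state-changing requests (assumed deployment origin).
ALLOWED_ORIGINS = {"https://lekamandiri.web.id"}

# Headers added to every response. frame-ancestors is the modern anti-clickjacking
# directive; X-Frame-Options covers browsers that predate CSP level 2.
SECURITY_HEADERS = {
    "Content-Security-Policy": (
        "default-src 'self'; script-src 'self'; object-src 'none'; "
        "base-uri 'self'; frame-ancestors 'none'"
    ),
    "X-Frame-Options": "DENY",
}


def issue_csrf_token(session_id):
    """Return a token bound to the session: random nonce + HMAC over (session, nonce).

    Binding to the session means a token the attacker obtains from their own session
    cannot be replayed against a victim's session, and the server stores nothing.
    """
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id, token):
    """Recompute the HMAC for this session and compare in constant time."""
    if not isinstance(token, str) or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    expected = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def origin_allowed(headers):
    """Defence in depth: if the browser sent an Origin header it must be ours."""
    origin = headers.get("Origin")
    return origin is None or origin in ALLOWED_ORIGINS


def handle_request(method, path, session_id, form, headers):
    """Minimal request handler returning (status, response_headers, body).

    Every response carries the CSP and anti-clickjacking headers; the
    state-changing POST is accepted only with a token valid for this session.
    """
    resp_headers = dict(SECURITY_HEADERS)
    if path != "/transfer":
        return 404, resp_headers, "not found"
    if method == "GET":
        token = issue_csrf_token(session_id)
        body = (
            '<form method="post" action="/transfer">'
            f'<input type="hidden" name="csrf_token" value="{token}">'
            '<input name="amount"><button>Send</button></form>'
        )
        return 200, resp_headers, body
    if method == "POST":
        if not origin_allowed(headers):
            return 403, resp_headers, "cross-origin request rejected"
        if not verify_csrf_token(session_id, form.get("csrf_token", "")):
            return 403, resp_headers, "CSRF token missing or invalid"
        return 200, resp_headers, f"transferred {form.get('amount')}"
    return 405, resp_headers, "method not allowed"


if __name__ == "__main__":
    # Simulated legitimate flow: the victim's browser loads the form, then posts the token back.
    victim = "session-victim"
    status, hdrs, body = handle_request("GET", "/transfer", victim, {}, {})
    token = body.split('value="')[1].split('"')[0]
    print(handle_request("POST", "/transfer", victim, {"csrf_token": token, "amount": "100"}, {})[0])
    # Simulated CSRF: an attacker page auto-submits a form in the victim's browser. The
    # session cookie rides along (session_id is the victim's) but the token is absent.
    print(handle_request("POST", "/transfer", victim, {"amount": "100"},
                         {"Origin": "https://attacker.example"})[0])
```

The token is keyed to the session with an HMAC rather than stored server-side, so a token the attacker harvests from their own account fails for any other session, and `hmac.compare_digest` avoids a timing side channel on the comparison. Both `frame-ancestors 'none'` and `X-Frame-Options: DENY` are sent because older browsers honour only the latter; where both are understood, the CSP directive takes precedence. A CSP this strict will block any inline scripts the site relies on, so a real rollout starts in `Content-Security-Policy-Report-Only` mode and adds nonces or hashes for legitimate inline code before enforcing.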