Analysis of Website Security of SMKN 1 Pangandaran Against SQL Injection Attack Using OWASP Method

Agung Tri Laksono (Universitas AMIKOM Yogyakarta, Yogyakarta, Indonesia)
(*) Joko Dwi Santoso (Universitas AMIKOM Yogyakarta, Yogyakarta, Indonesia)

(*) Corresponding Author

Submitted: July 20, 2021; Published: July 31, 2021

Abstract

Every technological development is usually accompanied by an increase in the security of digital platforms that are widely used by a large audience. However, with the rapid development of information technology, some of the security gaps that are found can be used as loopholes to commit crimes that harm others. Such actions are often carried out by irresponsible people for their own benefit. One of the gaps often found on digital platforms, especially websites, is SQL Injection: according to BSSN data from January to April 2019, 73% of the vulnerability reports received were SQL Injection vulnerabilities. SQL Injection is also the number one threat to the security of website applications. It is a code injection attack technique that exploits security gaps in the database layer of a website. This study takes SQL Injection as its theme and conducts a security analysis of the website of the school agency SMKN 1 Pangandaran, using OWASP for the analysis process. Testing of the website showed that an attacker can perform injection using an SQL payload to enter the database. Based on the results of the system analysis and testing, recommendations are made to close the gaps on the existing website.

Keywords

SQL Injection; XSS; OWASP; CSRF





Copyright (c) 2021 Agung Tri Laksono, Joko Dwi Santoso

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.


The IJICS (International Journal of Informatics and Computer Science)
Published by STMIK Budi Darma.
Jl. Sisingamangaraja No.338 Simpang Limun, Medan, North Sumatera
Email: ijics.stmikbudidarma@gmail.com
