Implementation of a Web Application Firewall to Prevent SQL Injection Attacks on Websites

  • Bangkit Wiguna IT Telkom Purwokerto
  • Wahyu Adi Prabowo Institut Teknologi Telkom Purwokerto
  • Ridho Ananda Institut Teknologi Telkom Purwokerto
Keywords: Security, Web Attack, SQL Injection, Website, Web Application Firewall

Abstract

In recent years information technology has developed rapidly, making activities and work easier, including access to news and information. One of the media most often used to find information today is the website. The large number of websites makes them a frequent target of various web attacks, such as SQL injection, so a system is needed that can secure a website. This research uses a web application firewall because it can act as a security system that protects a website from attacks. The web application firewall blocks incoming SQL injection attacks based on the configured rules. In the results of this research, the SQL injection attacks tested against the website were successfully blocked, keeping the website safe from these attacks.

Published
2020-11-03
How to Cite
Bangkit Wiguna, Adi Prabowo, W., & Ananda, R. (2020). Implementasi Web Application Firewall Dalam Mencegah Serangan SQL Injection Pada Website. Digital Zone: Jurnal Teknologi Informasi Dan Komunikasi, 11(2), 245-256. https://doi.org/10.31849/digitalzone.v11i2.4867