This preprint has been submitted for publication in a journal.
Preprint / Version 1

SQL Injection: Analysis of Penetration Testing Effectiveness in Web Applications


SQL Injection: Analisis Efektivitas Uji Penetrasi dalam Aplikasi Web

DOI: https://doi.org/10.21070/ups.4721

Keywords:

Cybersecurity, SQL Injection, Penetration Testing, Web Vulnerability

Abstract

In the continuously evolving digital era, information system security is crucial, particularly against SQL Injection attacks that threaten data integrity. This research aims to evaluate the vulnerability of web applications to SQL Injection and to assess the effectiveness of penetration testing methods as a security measure. Drawing on a literature review and previous studies, this research identifies various attack techniques and the defense strategies used to protect data. Through systematic penetration testing on ten websites, this study produces performance data reflecting the success rate of attacks and the time required for penetration. The results show variation in the effectiveness of penetration testing tools, with some sites exhibiting significant vulnerabilities. To enhance the security of web applications, this research suggests updating programming languages, implementing the OOP and MVC paradigms, using REST APIs, deploying web application firewalls (WAFs), and utilizing CAPTCHAs. These findings provide insights for developing more robust and adaptive security strategies in the face of cyber threats.
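The abstract discusses SQL Injection as a threat to data integrity and the defenses the study recommends, without showing the defect itself. The following Python example is added here as an illustration and is not code from the paper or from any of the ten sites it tested. It uses an in-memory SQLite database with constructed sample rows, places the vulnerable string-concatenated query beside its parameterized form, and adds a small allow-list validation check of the kind a WAF or input layer would apply; the table, column and user names are assumptions made for the example.

```python
import re
import sqlite3

# Constructed sample data for the example (not taken from the paper).
SAMPLE_USERS = [
    ("alice", "hash-of-alice-password", "admin"),
    ("bob", "hash-of-bob-password", "user"),
]

# Constructed test input: a textbook tautology that turns the WHERE clause
# into a condition that is always true when the query is built by concatenation.
TAUTOLOGY_INPUT = "' OR '1'='1"

# Allow-list for usernames: letters, digits and underscore, 1 to 32 characters.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def make_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database seeded with the constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """The defect: user input is spliced into the SQL text, so the input can
    change the structure of the query instead of acting only as a value."""
    sql = (
        "SELECT username, role FROM users WHERE username = '" + username + "'"
    )
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """Hardened form: the SQL text is fixed and the value is bound by the
    driver, so the input is compared as data and never parsed as SQL."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def is_valid_username(value: str) -> bool:
    """Defense in depth: reject input that does not match the allow-list.
    This is a screening check, not a substitute for parameterized queries."""
    return USERNAME_RE.fullmatch(value) is not None


def run_demo() -> dict:
    """Run both lookups with a benign input and with the tautology input and
    return the row counts, so the difference between the two forms is visible."""
    conn = make_db()
    try:
        return {
            "vulnerable_benign": len(lookup_vulnerable(conn, "alice")),
            "vulnerable_tautology": len(lookup_vulnerable(conn, TAUTOLOGY_INPUT)),
            "parameterized_benign": len(lookup_parameterized(conn, "alice")),
            "parameterized_tautology": len(
                lookup_parameterized(conn, TAUTOLOGY_INPUT)
            ),
            "allowlist_accepts_tautology": is_valid_username(TAUTOLOGY_INPUT),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The vulnerable lookup returns every row for the tautology input because the concatenated text becomes a query whose WHERE clause is always true, while the parameterized lookup returns nothing because the same characters are compared literally against the username column. The allow-list rejects the input before it reaches the database, which is the kind of screening a WAF or input-validation layer provides; the parameterized query remains the primary fix.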



Posted: 2024-05-29