Vulnerability of injection attacks against the application security of framework based websites open web access security project (OWASP)
Keywords:
Website Applications, Injection, Security, OWASP
Abstract
The development of website applications is growing rapidly, but it is not accompanied by good security, which leaves many security holes that an attacker can enter. Because so many website applications are vulnerable to injection attacks, managers must stay aware, update often, and close security gaps immediately. Website applications that have good security become more secure, but an application is still vulnerable to injection attacks. Updating and changing passwords periodically is better than fixing things afterwards. Many security hints and risks are released in the Open Web Application Security Project (OWASP) Top 10-2017, which also serves as a reference for staying wary of security risks in applications.
License
Authors who publish with Jurnal Informatika (JIFO) agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License (CC BY-SA 4.0) that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.