IMPROVING SECURITY AGAINST SQL INJECTION: A CASE STUDY OF THE BNN PERSONNEL SYSTEM
DOI:
https://doi.org/10.21927/ijubi.v6i1.3161
Keywords:
SQL Injection, Penetration Testing, SiMPaN
Abstract
In this era of very rapid digitalization, SQL injection is a programming language such as PHP or Perl accessing a database through SQL queries or xampp. Penetration testing is one method for testing the completeness, integration, operation and foundations of the computing world, which consists of hardware, software and people. The National Narcotics Board (Badan Narkotika Nasional) of Magelang Regency has locally developed a website for recording the attendance of non-civil-servant/non-police staff. The benefit of the website for non-civil-servant/non-police staff is that it can reduce human error and increase work effectiveness. The ASN Personnel Management Information System application (SiMPaN) can be accessed by all employees, so various attacks carried out by crackers cannot be ruled out, while the data and information it holds are sensitive because they relate to employees' personal data and monthly report files. This research was carried out to build security into the BNNK Magelang Personnel Management Information System (SiMPaN). The result is a comparison of adding SSL and adding a captcha code. Both can be used to minimize break-ins at the login section, each with its own function.
License
COPYRIGHT TRANSFER FORM
The copyright to this article is transferred to Alma Ata University Press if and when the article is accepted for publication. The undersigned hereby transfers any and all rights in and to the paper including without limitation all copyrights to AAU Press. The undersigned hereby represents and warrants that the paper is original and that he/she is the author of the paper, except for material that is clearly identified as to its original source, with permission notices from the copyright owners where required. The undersigned represents that he/she has the power and authority to make and execute this assignment.
We declare that:
1. This paper has not been published in the same form elsewhere.
2. It will not be submitted anywhere else for publication prior to acceptance/rejection by this Journal.
3. A copyright permission is obtained for materials published elsewhere and which require this permission for reproduction.
Furthermore, I/We hereby transfer the unlimited rights of publication of the above mentioned paper in whole to AAU Press. The copyright transfer covers the exclusive right to reproduce and distribute the article, including reprints, translations, photographic reproductions, microform, electronic form (offline, online) or any other reproductions of similar nature.
The corresponding author signs for and accepts responsibility for releasing this material on behalf of any and all co-authors. This agreement is to be signed by at least one of the authors who have obtained the assent of the co-author(s) where applicable. After submission of this agreement signed by the corresponding author, changes of authorship or in the order of the authors listed will not be accepted.
Retained Rights/Terms and Conditions
1. Authors retain all proprietary rights in any process, procedure, or article of manufacture described in the Work.
2. Authors may reproduce or authorize others to reproduce the Work or derivative works for the authors' personal use or for company use, provided that the source and the AAU Press copyright notice are indicated, the copies are not used in any way that implies AAU Press endorsement of a product or service of any employer, and the copies themselves are not offered for sale.
3. Although authors are permitted to re-use all or portions of the Work in other works, this does not include granting third-party requests for reprinting, republishing, or other types of re-use.