Website Application Security Value Analysis Using Crawling Method Against SQL Injection Attacks
DOI: https://doi.org/10.12928/mf.v6i1.8198
Keywords: Security Gap Analysis, Crawling, Information Security, Website Security
Abstract
This study focuses on analyzing security vulnerabilities in the Codelatte website, specifically targeting SQL Injection attacks. While the implementation of HTTPS has enhanced user communication and server security, outdated pages lacking WordPress security features remain vulnerable to SQL Injection. The research employs a crawling method to assess security gaps, starting with URL processing, data crawling, and interaction with the web server, followed by output generation in the form of an HTML file. The collected data is used for vulnerability testing via the Acunetix web vulnerability scanner, as well as manual testing and Sqlmap penetration testing. Findings reveal security weaknesses categorized into informational, low, medium, and high risk levels. Through crawling, the study identifies vulnerabilities and reduces them to informational, low, and medium levels, highlighting the importance of regularly updating website security. The final report provides recommendations for enhancing the Codelatte website's security to prevent unauthorized database access.
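The crawling stage the abstract describes (URL processing, page fetching, and an HTML inventory as output) is the part a site owner can reproduce to find where user input reaches the server before any scanner is run. The following is an added example, not the authors' tool and not connected to the Codelatte site: a minimal in-scope crawler that walks a constructed sample site (the hypothetical `example.test` pages and paths are invented for the example), records query parameters and form fields per page, and writes the inventory as an HTML file. Its `fetch()` is an offline stand-in for an HTTP GET; nothing here tests for SQL injection, it only lists the input points whose handling code should be checked for parameterised queries.

```python
"""Added example, not the paper's code: an in-scope crawler that inventories
URLs and form inputs of a site and emits an HTML report.  The site below is
constructed (a dict of URL -> HTML) so the script runs offline; swap fetch()
for a real HTTP client to crawl a site you own."""
from collections import deque
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs, urljoin, urlparse

# Constructed sample site; the hostname and paths are hypothetical.
SITE = {
    "https://example.test/": (
        '<a href="/blog?id=1">Blog</a> <a href="/about">About</a> '
        '<a href="https://other.test/x">External</a>'
    ),
    "https://example.test/blog?id=1": (
        '<a href="/blog?id=2">Next</a>'
        '<form action="/search" method="get"><input name="q"></form>'
    ),
    "https://example.test/blog?id=2": '<a href="/">Home</a>',
    "https://example.test/about": (
        '<form action="/contact" method="post">'
        '<input name="email"><textarea name="msg"></textarea></form>'
    ),
}


class LinkFormParser(HTMLParser):
    """Collects absolute link targets and form definitions from one page."""

    def __init__(self, base):
        super().__init__()
        self.base = base
        self.links = []
        self.forms = []
        self._form = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(urljoin(self.base, a["href"]))
        elif tag == "form":
            self._form = {
                "action": urljoin(self.base, a.get("action") or ""),
                "method": (a.get("method") or "get").lower(),
                "inputs": [],
            }
        elif tag in ("input", "textarea", "select") and self._form is not None and a.get("name"):
            self._form["inputs"].append(a["name"])

    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            self.forms.append(self._form)
            self._form = None


def fetch(url):
    """Offline stand-in for an HTTP GET; returns None for unknown pages."""
    return SITE.get(url)


def crawl(start, max_pages=100):
    """Breadth-first crawl restricted to the start URL's host."""
    scope = urlparse(start).netloc
    seen, queue, results = set(), deque([start]), {}
    while queue and len(results) < max_pages:
        url = queue.popleft()
        if url in seen or urlparse(url).netloc != scope:
            continue  # skip revisits and off-scope hosts
        seen.add(url)
        body = fetch(url)
        if body is None:
            continue
        parser = LinkFormParser(url)
        parser.feed(body)
        results[url] = {
            "params": sorted(parse_qs(urlparse(url).query)),
            "forms": parser.forms,
        }
        for link in parser.links:
            if link not in seen:
                queue.append(link)
    return results


def input_points(results):
    """Every place user-controlled data reaches the server: query parameters
    of crawled URLs and the fields of discovered forms.  These are the
    handlers to verify for parameterised queries and input validation."""
    points = []
    for url, info in results.items():
        if info["params"]:
            points.append((url, "query", info["params"]))
        for form in info["forms"]:
            points.append((form["action"], form["method"], form["inputs"]))
    return points


def html_report(results):
    """Renders the inventory as a single HTML document (values escaped)."""
    rows = "".join(
        f"<tr><td>{escape(u)}</td><td>{escape(m)}</td><td>{escape(', '.join(i))}</td></tr>"
        for u, m, i in input_points(results)
    )
    return (
        "<html><body><h1>Crawl inventory</h1>"
        f"<p>{len(results)} pages crawled</p>"
        "<table><tr><th>URL</th><th>Method</th><th>Inputs</th></tr>"
        f"{rows}</table></body></html>"
    )


if __name__ == "__main__":
    inventory = crawl("https://example.test/")
    with open("crawl_report.html", "w", encoding="utf-8") as fh:
        fh.write(html_report(inventory))
```

On the constructed site the crawl stays within `example.test`, ignores the external link, and reports four input points (two `id` query parameters, the GET search form and the POST contact form); the report file is the artefact a reviewer would then work through, page by page, against the database-access code.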
License
Copyright (c) 2024 Ari Dimas Yudistiawan, Nuril Anwar
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Starting from the 2019 issues, authors who publish with JURNAL MOBILE AND FORENSICS agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License (CC BY-SA 4.0) that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.