Impact Analysis of Web Application Firewall on Website-Based Application Security (Case Study PPDB Kak Seto School Website)
DOI: https://doi.org/10.12928/mf.v5i1.8914
Keywords: Web Application Firewall, ModSecurity, Website Security, Web Attacks, Website
Abstract
The swift advancement of web-based applications has brought security challenges with it. Insufficient security awareness among web developers has led to a surge of cybercrime incidents that exploit website vulnerabilities. To counter this, the implementation of a Web Application Firewall (WAF) is proposed for the vulnerable PPDB Sekolah Kak Seto website, aiming to mitigate threats originating from the public network; the WAF acts as a defense against potential cyber breaches. Employing an experimental approach, this research encompasses identification, observation, literature review, analysis of WAF system requirements, implementation, testing, and pre/post-implementation analysis, using ModSecurity as the security system. The study analyzes the impact of WAF adoption and provides recommendations for enhancing security. The findings demonstrate the WAF's effectiveness in fortifying the Kak Seto School web application by identifying and blocking potential attacks, thereby reducing the success rate of breaches. After WAF implementation, Pingdom tests show a slight drop in Performance Grade (from 70 to 69) and a minor increase in Load Time (from 2.76 to 3.23 seconds). GTmetrix tests reveal a Grade downgrade from B to C and an increase in Largest Contentful Paint time (from 2.2 to 2.7 seconds). In conclusion, despite these minor performance effects, the WAF significantly enhances security, as evident in improved loading times during tests.
License
Copyright (c) 2023 Krisna Dewa Pratama, Nuril Anwar
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Starting from the 2019 issues, authors who publish with JURNAL MOBILE AND FORENSICS agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License (CC BY-SA 4.0) that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.