A Security Development Life Cycle (SDLC)-Based Approach for Designing Intrusion Detection and Prevention Systems to Counter SQL Injection Attacks at MAN 2 Magetan

Authors

  • Muhammad Naufal Hafizh, Universitas Ahmad Dahlan
  • Nuril Anwar, Universitas Ahmad Dahlan
  • Ahmad Azhari, Universitas Ahmad Dahlan

DOI:

https://doi.org/10.12928/mf.v7i1.9365

Keywords:

Intrusion Detection System, Intrusion Prevention System, SQL Injection, Security Development Life Cycle, Web Application Security

Abstract

Information security is a critical aspect of ensuring the validity, integrity, and availability of data while protecting users’ access to services. Inadequate security measures can expose systems to various threats, potentially compromising their functionality. One such threat is SQL Injection, a common attack vector targeting web applications. MAN 2 Magetan, an Islamic high school located in Purwosari, Magetan Regency, East Java, Indonesia, operates an online admission system on its website. However, this website contains input fields that are not properly validated, creating a vulnerability to SQL Injection attacks. This study aims to design and implement an Intrusion Detection and Prevention System (IDPS) to mitigate SQL Injection attacks using the Security Development Life Cycle (SDLC) methodology. The SDLC process used for system development consists of five stages: Analysis, Design, Implementation, Enforcement, and Enhancement. A hybrid system combining an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS) was used to create an effective solution. The results of the research demonstrate that the developed IDPS successfully detects and prevents SQL Injection attacks, ensuring the security and integrity of the online admission system. The integration of IDS and IPS within the SDLC framework has proven to be an effective approach to enhancing web application security at MAN 2 Magetan.

Published

2025-03-20

Section

Articles