Penerapan Sistem Keamanan Web Menggunakan Metode Web Aplication Firewall (Implementation of a Web Security System Using the Web Application Firewall Method)

Author(s):  
Riska Riska ◽  
Hendri Alamsyah

A security system needs to be applied to a web application because the web itself is reachable over a public network. In this study, a Web Application Firewall (WAF)-based security system is implemented using ModSecurity. The aim is to understand the concept of a web security system and to compare the behaviour of the web server before and after the firewall is applied. The research uses an experimental method: a WAF based on ModSecurity is deployed as the web security system, and the results are then analysed to derive recommendations for using a firewall as a web security system. The results indicate that a firewall using the ModSecurity module and WAF rules can block SQL injection, cross-site scripting (XSS) and command execution attempts by returning an error message to the user who submits the malicious request.
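To make the blocking behaviour described above concrete, the following added example (written for this page, not code from the study or from ModSecurity) models the core of a rule-based WAF in Python: every parameter of a request is URL-decoded and checked against simplified signatures for the three attack classes the study names, and a matching request is answered with a 403 error instead of reaching the application. The regexes and the `handle`/`inspect_request` functions are illustrative assumptions, not ModSecurity's rule language.

```python
import re
from urllib.parse import parse_qs, unquote_plus

# Simplified signatures for the three attack classes the study blocks.
# Illustrative regexes only, not ModSecurity or OWASP CRS rules.
RULES = [
    ("sqli", re.compile(
        r"(\bunion\b\s+(all\s+)?\bselect\b"      # UNION SELECT
        r"|'\s*or\s+'?\d+'?\s*=\s*'?\d+"         # ' OR '1'='1
        r"|;\s*drop\s+table\b)", re.I)),
    ("xss", re.compile(r"(<\s*script\b|javascript\s*:|\bon\w+\s*=)", re.I)),
    ("rce", re.compile(
        r"(;|\||&&|`|\$\()\s*(cat|ls|id|whoami|nc|sh|bash|wget|curl)\b", re.I)),
]


def normalize(value, rounds=2):
    """URL-decode up to `rounds` times so that a double-encoded payload
    (%2527 -> %27 -> ') is inspected in its plain form, as a WAF must do."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(method, path, query_string="", body=""):
    """Return (allowed, reason). The path, every parameter name and every
    parameter value from the query string and the form body are checked."""
    candidates = [path]
    for source in (query_string, body):
        for key, values in parse_qs(source, keep_blank_values=True).items():
            candidates.append(key)
            candidates.extend(values)
    for raw in candidates:
        text = normalize(raw)
        for name, pattern in RULES:
            if pattern.search(text):
                return False, f"{name}: matched in {raw!r}"
    return True, ""


def handle(method, path, query_string="", body=""):
    """Front the application: blocked requests get an error page, the rest
    would be forwarded to the real handler (here a stub 200)."""
    allowed, reason = inspect_request(method, path, query_string, body)
    if not allowed:
        # Same effect as a WAF deny action: the client sees an error message
        # and the request never reaches the application.
        return 403, "Forbidden: request blocked by web application firewall (" + reason + ")"
    return 200, "OK"


if __name__ == "__main__":
    # Constructed sample requests, not traffic from the study.
    print(handle("GET", "/search", "q=hello+world"))
    print(handle("GET", "/item", "id=1%27%20OR%20%271%27%3D%271"))
    print(handle("POST", "/comment", "", "text=%3Cscript%3Ealert(1)%3C/script%3E"))
    print(handle("GET", "/ping", "host=127.0.0.1%7Cid"))
```

The decode-then-match order is the practical point: a rule that inspects only the raw percent-encoded string is bypassed by double encoding, which is why `normalize` decodes repeatedly before any signature is evaluated.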

Author(s):  
S. A. Lesko

To facilitate the detection of vulnerabilities there are many tools (scanners) that help analyse the security of web applications and support the development of their protection. For the most part, however, these tools can only identify problems; they are not capable of fixing them. The knowledge of the developer responsible for security is therefore the key factor in building a secure web resource. To resolve application security problems, developers must know the ways and vectors of the various attacks in order to be able to develop protection mechanisms. This review discusses two of the most dangerous vulnerabilities in web technologies, SQL injection and cross-site scripting (XSS), together with specific cases and examples of their use, and various approaches to identifying vulnerabilities in applications and preventing the threat. Both cross-site scripting and SQL injection attacks stem from the validation of input data. The mechanisms of the two attacks are very similar, but in an XSS attack the user is the victim, while in a SQL injection attack it is the database server of the web application. In XSS attacks malicious content is delivered to users by means of a client-side programming language such as JavaScript, whereas SQL injection uses the SQL database query language. At the same time, XSS attacks, unlike SQL injection, harm only the client side and leave the application server operational. Developers should therefore build security into both the server components and the client part of the web application.
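The review's central observation, that both attacks come down to input handling while the victim differs, is easiest to see side by side. The following is an added example (not code from the review) with a constructed in-memory SQLite table: a login query built by string concatenation next to its parameterised form, and a comment rendered raw next to the same comment with HTML escaping. The function names, table and sample users are assumptions made for the illustration.

```python
import html
import sqlite3


def setup_db():
    """Constructed sample table with two users (not data from the review)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, is_admin INTEGER)")
    conn.executemany(
        "INSERT INTO users (username, password, is_admin) VALUES (?, ?, ?)",
        [("alice", "s3cret", 1), ("bob", "hunter2", 0)])
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """SQL injection: the input is spliced into the query text, so a quote
    in the username changes the SQL grammar. The database server is the victim."""
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username, password):
    """Parameterised query: the input is bound as data and never parsed
    as SQL, whatever characters it contains."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def render_comment_vulnerable(comment):
    """XSS: the stored comment is inserted into the page unchanged, so a
    <script> tag in it runs in every visitor's browser. The user is the victim."""
    return f"<p>{comment}</p>"


def render_comment_safe(comment):
    """Output encoding: the same comment is shown literally, because the
    characters that would start markup are escaped for the HTML context."""
    return f"<p>{html.escape(comment, quote=True)}</p>"


if __name__ == "__main__":
    db = setup_db()
    print(login_vulnerable(db, "alice' --", "wrong"))        # ['alice']
    print(login_safe(db, "alice' --", "wrong"))              # []
    print(render_comment_vulnerable("<script>alert(1)</script>"))
    print(render_comment_safe("<script>alert(1)</script>"))
```

The parallel is deliberate: in both vulnerable functions untrusted text is concatenated into a structured language (SQL, HTML) and the interpreter cannot tell data from code; the fix in both cases keeps the two apart, through bound parameters on the server side and context-aware escaping on the client side.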


2019 ◽  
Vol 8 (4) ◽  
pp. 2827-2833

A SQL injection attack (SQLIA) occurs when an attacker embeds malicious SQL into a valid query statement through unvalidated input. The relational database management system then executes the malicious query, which constitutes the SQL injection attack. A successful attack may compromise the confidentiality, integrity and availability (CIA) of the web API. The vulnerability of a Web Application Programming Interface (API) is a primary concern for any programmer. Web APIs are mainly based on the Simple Object Access Protocol (SOAP), which provides its own security, or on Representational State Transfer (REST), an architectural style that relies on security measures at the transport layer. Developers, and newly trained programmers in particular, often do not follow safe programming standards and forget to validate the input fields of their forms. Such a vulnerability in the web API opens the door to threats and makes it trivial for an attacker to exploit the database behind the API. The objective of this paper is to automate the detection of SQL injection attacks and to secure poorly coded web API access by analysing large volumes of network traffic. Snort and Moloch are combined into a hybrid model that both automatically detects and analyses SQL injection attacks in a prototype system.
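Snort detects SQL injection in traffic with signature rules, and Moloch (now Arkime) indexes the captured sessions for later analysis; the paper gives no rule text, so the following added example (not the authors' code) shows what such detection looks like in Python. It parses a small subset of Snort rule syntax (`msg`, `content`, `nocase`, `pcre`, `sid`) from two illustrative SQL injection rules written for this example, URL-decodes constructed HTTP requests the way Snort's HTTP inspector normalises them, and reports which packet triggered which rule. The rules, SIDs and sample requests are all assumptions; the parser covers only the options it lists.

```python
import re
from urllib.parse import unquote_plus

# Two illustrative rules in Snort syntax, written for this example.
SNORT_RULES = [
    r'alert tcp any any -> $HOME_NET 80 (msg:"SQLi UNION SELECT in request"; '
    r'flow:to_server,established; content:"union"; nocase; http_uri; '
    r'pcre:"/union[\s\/\*]+(all\s+)?select/i"; classtype:web-application-attack; '
    r'sid:1000001; rev:1;)',
    r'alert tcp any any -> $HOME_NET 80 (msg:"SQLi quote followed by comment"; '
    r'flow:to_server,established; content:"--"; pcre:"/\x27\s*--/"; '
    r'classtype:web-application-attack; sid:1000002; rev:1;)',
]

# One option: name, optionally ":" and a (possibly quoted) value, then ";".
OPTION_RE = re.compile(r'(\w+)(?::\s*"?((?:[^";\\]|\\.)*)"?)?\s*;')


def parse_rule(rule_text):
    """Parse the header and the option subset this example supports."""
    header, _, options = rule_text.partition("(")
    action, proto, src, sport, _arrow, dst, dport = header.split()
    rule = {"action": action, "proto": proto, "dport": dport, "contents": []}
    for key, value in OPTION_RE.findall(options.rstrip(")")):
        if key == "content":
            rule["contents"].append({"pattern": value, "nocase": False})
        elif key == "nocase":                 # modifies the preceding content
            rule["contents"][-1]["nocase"] = True
        elif key == "pcre":                   # "/body/flags"
            body, _, flags = value.rpartition("/")
            rule["pcre"] = re.compile(body.lstrip("/"), re.I if "i" in flags else 0)
        else:
            rule[key] = value
    return rule


def rule_matches(rule, payload):
    """All content matches must succeed, then the pcre (if any)."""
    for content in rule["contents"]:
        if content["nocase"]:
            if content["pattern"].lower() not in payload.lower():
                return False
        elif content["pattern"] not in payload:
            return False
    pcre = rule.get("pcre")
    return pcre is None or pcre.search(payload) is not None


def detect(packets, rules):
    """Return (packet index, sid, msg) for every rule hit on the decoded payloads."""
    alerts = []
    for index, raw in enumerate(packets):
        payload = unquote_plus(raw)           # normalise like Snort's http_inspect
        for rule in rules:
            if rule_matches(rule, payload):
                alerts.append((index, rule["sid"], rule["msg"]))
    return alerts


# Constructed HTTP requests standing in for captured traffic.
TRAFFIC = [
    "GET /api/users?id=1 HTTP/1.1\r\nHost: api.example.com\r\n\r\n",
    "GET /api/users?id=1%20UNION%20SELECT%20username,password%20FROM%20users HTTP/1.1\r\n"
    "Host: api.example.com\r\n\r\n",
    "POST /api/login HTTP/1.1\r\nHost: api.example.com\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\nuser=admin'--&pass=x",
]

if __name__ == "__main__":
    for hit in detect(TRAFFIC, [parse_rule(r) for r in SNORT_RULES]):
        print(hit)
```

Decoding before matching is the part that matters operationally: the UNION payload above arrives percent-encoded, and a rule evaluated against the raw bytes would miss it. Real Snort rules add `http_uri`/`http_client_body` sticky buffers and `distance`/`within` constraints that this subset ignores.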


Author(s):  
Kasra Amirtahmasebi ◽  
Seyed Reza Jalalinia

Due to the rapid growth in demand for web applications worldwide, programmers have made great efforts to develop and deploy new web applications for companies. Since many of these applications lack proper security considerations, malicious users are able to gain unauthorised access to confidential information held by organisations. The SQL Injection Attack (SQLIA) is a prevalent method used by attackers to extract confidential information from organisations' databases. It works by injecting malicious SQL code through the web application, causing unexpected behaviour in the database. A number of SQL injection detection and prevention techniques exist and must be used in order to prevent unauthorised access to databases.


2018 ◽  
Vol 1 (2) ◽  
pp. 25-35
Author(s):  
Aliga Paul Aliga ◽  
Adetokunbo MacGregor John-Otumu ◽  
Rebecca E Imhanhahimi ◽  
Atuegbelo Confidence Akpe

Web-based applications have become very prevalent because web browsers are ubiquitous and can deliver service-oriented applications on demand to diverse clients over the Internet, and the cross-site scripting (XSS) attack is a foremost security risk that has continually ravaged web applications over the years. This paper critically examines the concept of XSS and some recent approaches for detecting and preventing XSS attacks in terms of architectural framework, algorithm used, solution location, and so on. The techniques were analysed, and the results show that most of the available detection and prevention solutions for XSS attacks are placed on the client side rather than the server side because of the peculiar nature of web application vulnerabilities, and that they also lack a self-learning ability to detect new XSS attacks. A few of the researchers cited in this paper built self-learning into their design architectures for detecting and preventing XSS attacks using artificial neural networks and soft computing approaches; as recommended, considerable improvement is still needed to handle this web application security menace effectively and efficiently.


Author(s):  
Zulkarnaen Hatala

Abstract: An efficient and quick procedure for building a web application is presented. The steps are intended to build a database application system with hundreds of tables. The procedure minimises the amount of code that must be written and the manual, line-by-line programming, with the aim of building a web-based database application rapidly. In this method, security concerning authentication and authorisation is already built in, ensuring that each user receives the correct and eligible access to the system. The end result is a ready-to-use, web-based, three-tier application. Moreover, the application remains flexible enough to be customised and enhanced to suit more specific requirements in each module of the software, in both the server-side and client-side code. Abstract (translated from Indonesian): This study proposes a fast and efficient procedure for developing database applications using an application generator, with the goal of minimising hand-written program code. The advantage of the procedure is that it can be used to develop database applications quickly, especially for database systems consisting of many tables. Access rights and standard security procedures are already provided, so every user is guaranteed the appropriate rights to specific entities in the database. The generated result is a ready-to-use web-based database application. The resulting application system remains very flexible, allowing each application component to be adjusted on both the server side and the client side.


2021 ◽  
Vol 2 (1) ◽  
Author(s):  
Tatyana Vladimirova ◽  
Lyubov Aizenshtadt ◽  
Mikhail Davydkin-Gogel

Objective: to justify the possibility of frequency-based hearing assessment via the web application 'Automated System for Initial Hearing Assessment'. Materials and methods. The study was carried out at the Department of Otorhinolaryngology of the Samara State Medical University clinics in October 2019. It involved 91 patients aged 17 to 73 years (average age 48±14.6 years). All participants were divided into two age groups: Group I (17-59 years old) and Group II (over 60 years old). Patients underwent two hearing assessment tests: one using the Interacoustics AC-40 clinical audiometer and one using our web application 'Automated System for Initial Hearing Assessment' (patent No. 2019664671). Results. The maximum difference in average hearing thresholds between pure-tone threshold audiometry and the web application in Group I was 3.3 dB at 2 kHz on the right and 3.2 dB at 2 and 4 kHz on the left; in Group II it was 4.7 and 3.5 dB at 1 and 2 kHz respectively on the right, and 7.2 dB at 4 kHz on the left. The data were evaluated using Cohen's kappa coefficient, which confirmed a high level of agreement between the results obtained with the clinical audiometer and with our web application. Conclusion. Based on these results, we conclude that the web application can be used for initial express hearing assessment in general practice where audiological care is in limited supply.


2018 ◽  
Vol 7 (3.33) ◽  
pp. 183
Author(s):  
Sung-Ho Cho ◽  
Sung-Uk Choi ◽  

This paper proposes a method to optimise the performance of web application firewalls according to their position in large-scale networks. Since the ports used for web services are always open and therefore exposed, the introduction of web application firewalls is essential. Methods for deploying web application firewalls in existing networks fall into two types. In the in-line type, the web application firewall sits between the network and the web server it protects. This is mostly used in small, single networks and is vulnerable to a physical failure of the web application firewall itself, which interrupts the service. The port redirection type, configured with the help of surrounding network equipment such as routers or L4 switches, can keep web services running even when the web application firewall fails physically, and it suits large-scale networks where several web services are mixed. In this study, port redirection web application firewalls were deployed in large-scale networks, and a problem arose: router performance degraded because of the IP-based VLANs created when a web security policy was set for the ports on the routers. To solve this problem, only those agencies and enterprises within the networks that actually provide web services were separated out, and in-line web application firewalls were configured for them. Internet service providers (ISPs) or central line-concentration agencies can apply this approach to configure web security systems for small enterprises or small-scale agencies at low cost.


2018 ◽  
Vol 2 (4) ◽  
pp. 286 ◽  
Author(s):  
Robinson ◽  
Memen Akbar ◽  
Muhammad Arif Fadhly Ridha

Web applications and websites are widely used to provide functionality that allows companies to build and maintain relationships with their customers. The information stored by web applications is often confidential, and if it is obtained by malicious attackers its exposure can result in substantial losses for both consumers and companies. SQL injection and cross-site scripting are attacks that target web application database vulnerabilities. They can allow malicious attackers to manipulate the web server's database, causing data loss, information theft and inconsistent data. Therefore, this research proposes the Open Web Application Security Project (OWASP) ModSecurity Core Rule Set, which can help administrators secure their web servers. The rule set operates by blocking IP addresses that attempt to break the security rules, monitoring network traffic and preventing suspicious requests from outside.

