Analisis Keamanan Website Berbasis Black-box Fuzzing: Studi Kasus Kerentanan XSS Dan SQL Injection Dalam Website X

Bagus Ariwibowo

Abstract


Keamanan website menjadi perhatian utama dalam dunia digital, terutama terhadap ancaman Cross-Site Scripting (XSS) dan SQL Injection. Penelitian ini bertujuan untuk menganalisis keamanan website X dengan pendekatan Black-box Fuzzing menggunakan alat OWASP ZAP, Acunetix, dan Arachni. Pengujian dilakukan melalui identifikasi endpoint, uji fuzzing terhadap parameter input, serta analisis respons server terhadap payload berbahaya. Dan setalah itu memberikan mitigasi terhadapat kerentanan yang paling tinggi. Hasil penelitian ini diharapkan memberikan wawasan mendalam tentang tingkat keamanan website X dan saran tentang cara memperkuat pertahanan situs web tersebut terhadap serangan siber.

Keywords


Keamanan website; Black-box fuzzing; XSS cross-site scripting; SQL injection

Full Text:

PDF

References


V. R. S. Nastiti and D. R. Akbi, “Pengembangan sistem informasi dan majalah digital di pimpinan cabang Muhammadiyah Lawang,” Community Dev. J. J. Pengabdi. Masy., vol. 5, no. 1, pp. 1369–1373, 2024.

M. Bin jafar Al Hamid, I. Nuryasin, and Z. Sari, “Penerapan progressive web application pada website Online Public Access Catalog (OPAC) UMM,” J. Repos., vol. 4, no. 2, 2022.

A. Frik and L. Mittone, “Factors influencing the perception of website privacy trustworthiness and users’ purchasing intentions: the behavioral economics perspective,” J. Theor. Appl. Electron. Commer. Res., vol. 14, no. 3, pp. 89–125, 2019.

M. Q. Syahputra, D. R. Akbi, and D. Risqiwati, “Deteksi dan mitigasi serangan DDoS pada software defined network menggunakan algoritma decision tree,” J. Repos., vol. 2, no. 11, 2020.

M. Zaidan, F. Noeraini, Z. Sari, and D. R. Akbi, “Website vulnerability analysis of AB and XY office in East Java,” JITEKI J. Ilm. Tek. Elektro Komput. dan Inform., vol. 9, no. 2, pp. 455–492, 2023.

X. Song, R. Zhang, Q. Dong, and B. Cui, “Grey-box fuzzing based on reinforcement learning for xss vulnerabilities,” Appl. Sci., vol. 13, no. 4, p. 2482, 2023.

M. S. Rizal and others, “Perbandingan perlindungan data pribadi Indonesia dan Malaysia,” J. Cakrawala Huk., vol. 10, no. 2, pp. 218–227, 2019.

Y. Azhar, Z. Sari, and A. S. Kholimi, “Optimasi pengelolaan data anggota melalui sistem informasi di pimpinan daerah Muhammadiyah kota Batu,” J. Abdimas BSI J. Pengabdi. Kpd. Masy., vol. 8, no. 1, pp. 74–83, 2025.

Y. Ardiansah, “Analisis vulnerability Sistem Manajemen Tugas Akhir (Simanta) Universitas Muhammadiyah Malang,” Universitas Muhammadiyah Malang, 2024.

A. Alkatiri, “Analisis celah keamanan dan monitoring website menggunakan Owasp Zed Attack Proxy (ZAP) & Wazuh (Studi kasus: Website DUKCAPIL Kab. Nganjuk),” Universitas Muhammadiyah Malang, 2024.

D. A. Arifah, “Kasus cybercrime di indonesia,” J. Bisnis dan Ekon., vol. 18, no. 2, 2011.

A. Hidayat, “Analisis trafik abnormal menggunakan Wireshark (Studi kasus: Sister. ummetro. ac. id),” Bull. Netw. Eng. Informatics, vol. 1, no. 1, pp. 7–11.

B. Zukran and M. M. Siraj, “Performance comparison on sql injection and xss detection using open source vulnerability scanners,” in 2021 International Conference on Data Science and Its Applications (ICoDSA), 2021, pp. 61–65.

A. Rajan and E. Erturk, “Web vulnerability scanners: A case study.” [Online]. Available: http://testasp.vulnweb.com/

K. Abdulghaffar, N. Elmrabit, and M. Yousefi, “Enhancing web application security through automated penetration testing with multiple vulnerability scanners,” Computers, vol. 12, no. 11, p. 235, 2023.

D. A. P. Sasongko, “Analisis metode vulnerability scanning dan perbandingan penetration testing dengan intrusion detection system terhadap vulnerable website,” Universitas Muhammadiyah Malang, 2024.

A. I. Fandy, “Pengujian celah keamanan website menggunakan teknik penetration testing dengan metode Owasp (Studi kasus: website rapor online SMP Muhammadiyah 1 Malang),” Universitas Muhammadiyah Malang, 2024.

M. Zaidan, “Eksplorasi keamanan website Dinas XY di Jawa Timur dalam pendekatan pengujian brute force untuk mendeteksi kerentanan,” Universitas Muhammadiyah Malang, 2024.

A. Alsaedi, A. Alhuzali, and O. Bamasag, “Black-box fuzzing approaches to secure web applications: Survey”, [Online]. Available: www.ijacsa.thesai.org

O. Zaazaa and H. El Bakkali, “Dynamic vulnerability detection approaches and tools: State of the Art,” in 2020 Fourth International Conference On Intelligent Computing in Data Sciences (ICDS), 2020, pp. 1–6.

A. Alsaedi, A. Alhuzali, and O. Bamasag, “Effective and scalable black-box fuzzing approach for modern web applications,” J. King Saud Univ. Inf. Sci., vol. 34, no. 10, pp. 10068–10078, 2022.

D. Zhao, “Fuzzing technique in web applications and beyond,” in Journal of Physics: Conference Series, 2020, p. 12109.

M. Althunayyan, N. Saxena, S. Li, and P. Gope, “Evaluation of black-box web application security scanners in detecting injection vulnerabilities,” Electronics, vol. 11, no. 13, p. 2049, 2022.

R. Farismana and D. Pramadhana, “Perbandingan vulnerability assesment menggunakan owasp zap dan acunetix pada sistem informasi repositori politeknik negeri indramayu,” J. Tek, 2023.




DOI: https://doi.org/10.17509/jatikom.v7i2.80971

Refbacks

  • There are currently no refbacks.


Copyright (c) 2025 Universitas Pendidikan Indonesia (UPI)

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

JATIKOM is published by Universitas Pendidikan Indonesia
Jl. Dr. Setiabudhi 229 Bandung 40154, West Java, Indonesia
Website: http://www.upi.edu