Security Analysis of Web-Based Academic Systems against SQL Injection Attacks
DOI: https://doi.org/10.62671/jikum.v2i1.161
Abstract
Web-based academic systems have become an essential component in managing educational data, including student records, lecturer data, grades, class schedules, and other academic administration processes. The implementation of web technology enables educational institutions to improve efficiency, speed, and accuracy in processing academic information in an integrated manner, as well as providing easy access for users anytime and anywhere. However, this openness also introduces various security risks that may threaten data confidentiality and system reliability. One of the most common security threats in web applications is SQL Injection attacks, which exploit weaknesses in user input handling, particularly in applications connected to databases. Through this attack, malicious actors can insert harmful SQL commands to gain unauthorized access, modify data, or delete critical information. This study aims to analyze the vulnerability level of a web-based academic system to SQL Injection attacks and to identify appropriate prevention measures. The research method employs a case study approach and literature analysis with simulated attacks on login forms and data input features. The results indicate that systems lacking input validation, data sanitization, and prepared statements are highly vulnerable to SQL Injection attacks. Therefore, the implementation of proper security mechanisms is essential to protect academic data.
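The abstract's finding, that code without input validation and prepared statements is open to SQL injection, shown as an added example (not code from the study): a grade lookup in its concatenated form beside a validated, parameterized form. The SQLite schema, sample rows, student-ID format and function names are assumptions made for the illustration.

```python
import re
import sqlite3

STUDENT_ID = re.compile(r"[A-Za-z0-9]{4,12}")  # assumed ID format (allow-list)

# Constructed input: the quote closes the string literal and appends a tautology.
CRAFTED = "x' OR '1'='1"


def make_db():
    """In-memory stand-in for an academic database (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE grades (student_id TEXT, course TEXT, grade TEXT)")
    db.executemany(
        "INSERT INTO grades VALUES (?, ?, ?)",
        [("S2021001", "Databases", "A"),
         ("S2021001", "Networks", "B"),
         ("S2021002", "Databases", "C")],
    )
    return db


def grades_vulnerable(db, student_id):
    """Weak form: user input is concatenated into the SQL text."""
    sql = ("SELECT student_id, course, grade FROM grades "
           "WHERE student_id = '" + student_id + "'")
    return db.execute(sql).fetchall()


def grades_hardened(db, student_id, validate=True):
    """Hardened form: allow-list validation, then a bound parameter."""
    if validate and not STUDENT_ID.fullmatch(student_id):
        raise ValueError("invalid student ID")
    sql = "SELECT student_id, course, grade FROM grades WHERE student_id = ?"
    # The driver passes the value separately, so it is never parsed as SQL.
    return db.execute(sql, (student_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", len(grades_vulnerable(db, CRAFTED)), "rows returned")
    print("parameter only:", grades_hardened(db, CRAFTED, validate=False))
    try:
        grades_hardened(db, CRAFTED)
    except ValueError as exc:
        print("validated:", exc)
```

With `validate=False` the bound parameter alone already returns no rows for the crafted input; the allow-list check is a second layer that rejects malformed IDs before the query runs.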