Anaoval, Abdul Aziz
Unknown Affiliation

Published: 1 document

Analysis of Manual and Automated Methods Effectiveness in Website Penetration Testing for Identifying SQL Injection Vulnerabilities
Anaoval, Abdul Aziz; Zy, Ahmad Turmudi; S, Suherman
Journal of Computer Networks, Architecture and High Performance Computing Vol. 6 No. 3 (2024): Articles Research Volume 6 Issue 3, July 2024
Publisher : Information Technology and Science (ITScience)

DOI: 10.47709/cnahpc.v6i3.4249

Abstract

This research aims to identify vulnerabilities to SQL Injection attacks on websites through penetration testing using quantitative and descriptive methods. In the current digital era, data and information security has become a crucial aspect. One of the frequent threats is SQL Injection attacks, where attackers insert malicious SQL commands into queries executed by web applications. This study utilizes tools such as Burp Suite to identify and exploit vulnerabilities in a login form created by the researchers. The research process begins with the Pre-Engagement Interactions phase, which includes information gathering and setting the testing scope. Subsequently, Vulnerability Testing is conducted to evaluate existing weaknesses. The exploitation of vulnerabilities is performed using the 'OR'1'='1 technique, which successfully demonstrates that the website is vulnerable to SQL Injection attacks. The results of this study indicate that the login form on the website is susceptible to SQL Injection due to insufficient input validation and the use of dynamic SQL queries without prepared statements. Implementing stricter input validation techniques and using prepared statements has proven effective in enhancing website security. This research makes a significant contribution to the field of information system security, particularly in the prevention of SQL Injection attacks. The results of this study can serve as a practical guide for web developers in improving the security of their applications and provide a deeper understanding of the threats and mitigation techniques for SQL Injection.