Website Security System from Denial of Service attacks, SQL Injection, Cross Site Scripting using Web Application Firewall
Abstract
The Internet and web applications play an important role in our modern life today. Some of our day-to-day activities like browsing, booking flights or ships, paying bills are becoming easier and easier using a web application. Nowadays a lot of people are using web applications for the desired product or service. Users who provide names, personal data, payment data, can be a source of income for hackers targeting user sensitive information. Hackers can not only steal confidential user data, but can also insert malware into the attacked website. In another study, it was mentioned that a server is very vulnerable if it does not have a good firewall or security. The solution proposed by the author is to add a service between the user and the server as an intermediary so that the hacker cannot directly enter the server of a web application. In this study, researchers will use cloudflare-protected websites as targets for penetration testing using Kali Linux. By using cloudflare, we can set the rules and the level of security of the website so that we can easily prevent attacks by hackers.
Downloads
References
B. Gogoi, T. Ahmed, and H. K. Saikia, “Detection of XSS Attacks in Web Applications: A Machine Learning Approach,” International Journal of Innovative Research in Computer Science & Technology, vol. 9, no. 1, pp. 1–10, Jan. 2021, doi: 10.21276/ijircst.2021.9.1.1.
A. Aljuhani, T. Alharbi, and B. Taylor, “Mitigation of Application Layer DDoS Flood Attack Against Web Servers,” Journal of Information Security and Cybercrimes Research, vol. 2, no. 1, 2019, doi: 10.26735/16587790.2019.002.
S. Rai and B. Nagpal, “Detection & Prevention of SQL Injection Attacks: Developments of the Decade,” 2019. [Online]. Available: https://www.researchgate.net/publication/332409784
A. A. Onyekachi, A. O. Agbakwuru, and D. O. Njoku, “SQL Injection Attack on Web Base Application: Vulnerability Assessments and Detection Technique An Enhanced Query Process Algorithm for Distributed Database system View project Review of Prospect and Challenges of IOT in Nigeria Business View project SQL Injection Attack on Web Base Application: Vulnerability Assessments and Detection Technique,” International Research Journal of Engineering and Technology, 2021, [Online]. Available: https://www.researchgate.net/publication/353257660
Lakhno V et al., “Experimental Studies Of The Features Of Using Waf To Protect Internal Services In The Zero Trust Structure,” J Theor Appl Inf Technol, vol. 15, no. 3, 2022, [Online]. Available: www.jatit.org
J. Harefa, G. Prajena, A. Alexander, A. Muhamad, E. V. S. Dewa, and S. Yuliandry, “SEA WAF: The Prevention of SQL Injection Attacks on Web Applications,” Advances in Science, Technology and Engineering Systems Journal, vol. 6, no. 2, pp. 405–411, Mar. 2021, doi: 10.25046/aj060247.
G. H. A. Kusuma, “Sistem Firewall untukPencegahan DDOS ATTACK di Masa Pandemi Covid-19,” Journal of Informatics and Advanced Computing (JIAC), vol. 3, no. 1, 2022.
A. Salim, G. Surono, E. B. Pabelan, and A. Raizaldi, “JBPI-Jurnal Bidang Penelitian Informatika Ciptaan disebarluaskan di bawah Lisensi Creative Commons Atribusi 4.0 Internasional Penerapan Load Balancing Metode Per Connection Classifier Berbasis Router Mikrotik di PT.Asuransi Jiwa Nasional,” 2023. [Online]. Available: https://ejournal.kreatifcemerlang.id/index.php/jbpi
T. S. Gunawan, M. K. Lim, M. Kartiwi, N. A. Malik, and N. Ismail, “Penetration testing using Kali linux: SQL injection, XSS, wordpres, and WPA2 attacks,” Indonesian Journal of Electrical Engineering and Computer Science, vol. 12, no. 2, pp. 729–737, Nov. 2018, doi: 10.11591/ijeecs.v12.i2.pp729-737.
G. H. A. Kusuma, “Sistem Firewall untuk Pencegahan DDOS ATTACK di Masa Pandemi Covid-19,” Journal of Informatics and Advanced Computing (JIAC), vol. 3, no. 1, 2022.
Z. Salim Alwan, M. F. Younis, and Z. S. Alwan, “Detection and Prevention of SQL Injection Attack: A Survey International Journal of Computer Science and Mobile Computing Detection and Prevention of SQL Injection Attack: A Survey,” 2017. [Online]. Available: https://www.researchgate.net/publication/320108029
Copyright (c) 2024 Antivirus : Jurnal Ilmiah Teknik Informatika
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Copyright on any article is retained by the author(s).
- Author grant the journal, right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work’s authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal’s published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.
- The article and any associated published material is distributed under the Creative Commons Attribution-ShareAlike 4.0 International License
