Website Security System from Denial of Service attacks, SQL Injection, Cross Site Scripting using Web Application Firewall

  • Stefanus Eko Prasetyo Universitas Internasional batam
  • Haeruddin Haeruddin Universitas Internasional Batam
  • Kelvin Ariesryo Universitas Internasional Batam
Abstract views: 740 , PDF downloads: 637
Keywords: Cloudflare, Hacker, Internet, Website

Abstract

The Internet and web applications play an important role in our modern life today. Some of our day-to-day activities like browsing, booking flights or ships, paying bills are becoming easier and easier using a web application. Nowadays a lot of people are using web applications for the desired product or service. Users who provide names, personal data, payment data, can be a source of income for hackers targeting user sensitive information. Hackers can not only steal confidential user data, but can also insert malware into the attacked website. In another study, it was mentioned that a server is very vulnerable if it does not have a good firewall or security. The solution proposed by the author is to add a service between the user and the server as an intermediary so that the hacker cannot directly enter the server of a web application. In this study, researchers will use cloudflare-protected websites as targets for penetration testing using Kali Linux. By using cloudflare, we can set the rules and the level of security of the website so that we can easily prevent attacks by hackers.

Downloads

Download data is not yet available.

References

P. Sharma, R. Johari, and S.S Sharma, Combined Approach to prevent XSS Attacks and SQL injection. CPS IEEE, 2012.
B. Gogoi, T. Ahmed, and H. K. Saikia, “Detection of XSS Attacks in Web Applications: A Machine Learning Approach,” International Journal of Innovative Research in Computer Science & Technology, vol. 9, no. 1, pp. 1–10, Jan. 2021, doi: 10.21276/ijircst.2021.9.1.1.
A. Aljuhani, T. Alharbi, and B. Taylor, “Mitigation of Application Layer DDoS Flood Attack Against Web Servers,” Journal of Information Security and Cybercrimes Research, vol. 2, no. 1, 2019, doi: 10.26735/16587790.2019.002.
S. Rai and B. Nagpal, “Detection & Prevention of SQL Injection Attacks: Developments of the Decade,” 2019. [Online]. Available: https://www.researchgate.net/publication/332409784
A. A. Onyekachi, A. O. Agbakwuru, and D. O. Njoku, “SQL Injection Attack on Web Base Application: Vulnerability Assessments and Detection Technique An Enhanced Query Process Algorithm for Distributed Database system View project Review of Prospect and Challenges of IOT in Nigeria Business View project SQL Injection Attack on Web Base Application: Vulnerability Assessments and Detection Technique,” International Research Journal of Engineering and Technology, 2021, [Online]. Available: https://www.researchgate.net/publication/353257660
Lakhno V et al., “Experimental Studies Of The Features Of Using Waf To Protect Internal Services In The Zero Trust Structure,” J Theor Appl Inf Technol, vol. 15, no. 3, 2022, [Online]. Available: www.jatit.org
J. Harefa, G. Prajena, A. Alexander, A. Muhamad, E. V. S. Dewa, and S. Yuliandry, “SEA WAF: The Prevention of SQL Injection Attacks on Web Applications,” Advances in Science, Technology and Engineering Systems Journal, vol. 6, no. 2, pp. 405–411, Mar. 2021, doi: 10.25046/aj060247.
G. H. A. Kusuma, “Sistem Firewall untukPencegahan DDOS ATTACK di Masa Pandemi Covid-19,” Journal of Informatics and Advanced Computing (JIAC), vol. 3, no. 1, 2022.
A. Salim, G. Surono, E. B. Pabelan, and A. Raizaldi, “JBPI-Jurnal Bidang Penelitian Informatika Ciptaan disebarluaskan di bawah Lisensi Creative Commons Atribusi 4.0 Internasional Penerapan Load Balancing Metode Per Connection Classifier Berbasis Router Mikrotik di PT.Asuransi Jiwa Nasional,” 2023. [Online]. Available: https://ejournal.kreatifcemerlang.id/index.php/jbpi
T. S. Gunawan, M. K. Lim, M. Kartiwi, N. A. Malik, and N. Ismail, “Penetration testing using Kali linux: SQL injection, XSS, wordpres, and WPA2 attacks,” Indonesian Journal of Electrical Engineering and Computer Science, vol. 12, no. 2, pp. 729–737, Nov. 2018, doi: 10.11591/ijeecs.v12.i2.pp729-737.
G. H. A. Kusuma, “Sistem Firewall untuk Pencegahan DDOS ATTACK di Masa Pandemi Covid-19,” Journal of Informatics and Advanced Computing (JIAC), vol. 3, no. 1, 2022.
Z. Salim Alwan, M. F. Younis, and Z. S. Alwan, “Detection and Prevention of SQL Injection Attack: A Survey International Journal of Computer Science and Mobile Computing Detection and Prevention of SQL Injection Attack: A Survey,” 2017. [Online]. Available: https://www.researchgate.net/publication/320108029

PlumX Metrics

Published
2024-05-10
How to Cite
[1]
S. E. Prasetyo, H. Haeruddin, and K. Ariesryo, “Website Security System from Denial of Service attacks, SQL Injection, Cross Site Scripting using Web Application Firewall”, antivirus, vol. 18, no. 1, pp. 27-36, May 2024.
Section
Articles