Improving Web Security Using the Advanced Encryption Standard (AES) Algorithm against Cross-Site Scripting Attacks

Authors

  • Yendi Putra, Universitas Putra Indonesia YPTK Padang
  • Y Yuhandri, Universitas Putra Indonesia YPTK Padang
  • S Sumijan, Universitas Putra Indonesia YPTK Padang

DOI:

https://doi.org/10.37034/jsisfotek.v3i2.44

Keywords:

AES Algorithm, XSS, Token, Security, E-learning

Abstract

In the millennial era, the internet has become a basic need that supports community activities in many fields, one of which is education. To support the learning process, SMK Maritim Nusantara uses a web-based application called e-learning, which is used by teachers and students. The school website holds several documents in digital form that must be kept confidential, such as student data, teacher data and student grades. A scan with the Acunetix WVS 10.5 application yielded information about the security holes on the website https://www.e-learning.smkmn.sch.id: there were 8 (eight) attacks, of which 2 (two) were in the high category, named cross-site scripting (XSS) attack; 4 (four) were in the medium category, named HTML form without CSRF protection; and 2 (two) were in the low category, named password type input with auto-complete enabled. The most dangerous (high) attack category is XSS. An XSS attack inserts malicious code in the form of JavaScript through an input form with the aim of stealing cookies, then uses the cookie to enter the web application as if legitimately, so that data can be manipulated and even deleted. For this reason, a strong system is needed to maintain the security and confidentiality of school data. One approach is to implement the Advanced Encryption Standard (AES) algorithm, which has a high level of security and uses little memory in operation, so that it is not burdensome to process and is easy to implement. The results of the research show that before the AES algorithm was applied there were 2 (two) high-category vulnerabilities called XSS attacks; after the AES algorithm was implemented, the XSS attack vulnerability was no longer found. Based on the results obtained in the study, it can be concluded that implementing the AES algorithm in tokens can improve the security of the https://www.e-learning.smkmn.sch.id website against XSS attacks.

Published

03-09-2021

How to Cite

[1]
Y. Putra, Y. Yuhandri, and S. Sumijan, “Meningkatkan Keamanan Web Menggunakan Algoritma Advanced Encryption Standard (AES) terhadap Seragan Cross Site Scripting”, jsisfotek, vol. 3, no. 2, pp. 56–63, Sep. 2021.

Section

Articles
