Website Security Analysis Against Cross-Site Request Forgery (CSRF) Attacks

Rusdiana Rusdiana, Banta Cut, Sanusi Sanusi

Abstract


Cross-Site Request Forgery (CSRF) is an attack that causes end users to perform unwanted actions on a web application while they are authenticated. Securing a website against CSRF attacks is therefore very important, and various encryption methods can be used as alternatives to overcome CSRF attacks. The purpose of this research is to find the security gaps in the East Aceh Regency Government website, to analyze the website's exposure to CSRF attacks, and to minimize CSRF attacks against the East Aceh Government institution, using the Acunetix tool. Based on the analysis of the East Aceh Government website, the following conclusions can be drawn: the assessment of the websites jdih.acehtimurkab.go.id and acehtimurkab.go.id found DOM-based cross-site scripting; the analysis of attacks on the East Aceh Government website, for the attack type HTML without CSRF protection, found attack protection on Alert Media; and, based on the security analysis and the attack analysis of the website, an anti-CSRF library was created that can be used to find all forms of attack that use the CSRF attack technique.


Keywords


Analysis, Security, Website, Cross-Site Request Forgery (CSRF), East Aceh.


Copyright (c) 2019 Rusdiana Rusdiana, Banta Cut, Sanusi Sanusi



Kandidat : Jurnal Riset dan Inovasi Pendidikan


This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Published by Center for Research and Community Service (LPPM) University of Abulyatama, Aceh, Indonesia. 2019