Web Application Penetration Testing Using SQL Injection Attack
A web application is a very important requirement in the information and digitalization era. With the increasing use of the internet and the growing number of web applications, every web application requires an adequate security level to store information safely and avoid cyber attacks. Web applicat...
Main Authors: | , , , , |
---|---|
Format: | Article |
Language: | English |
Published: |
Politeknik Negeri Padang
2021-09-01
|
Series: | JOIV: International Journal on Informatics Visualization |
Subjects: | |
Online Access: | https://joiv.org/index.php/joiv/article/view/470 |
_version_ | 1811159788987351040 |
---|---|
author | Alde Alanda Deni Satria M.Isthofa Ardhana Andi Ahmad Dahlan Hanriyawan Adnan Mooduto |
author_facet | Alde Alanda Deni Satria M.Isthofa Ardhana Andi Ahmad Dahlan Hanriyawan Adnan Mooduto |
author_sort | Alde Alanda |
collection | DOAJ |
description | A web application is a very important requirement in the information and digitalization era. With the increasing use of the internet and the growing number of web applications, every web application requires an adequate security level to store information safely and avoid cyber attacks. Web applications go through rapid development phases with short turnaround times, challenging to eliminate vulnerabilities. The vulnerability on the web application can be analyzed using the penetration testing method. This research uses penetration testing with the black-box method to test web application security based on the list of most attacks on the Open Web Application Security Project (OWASP), namely SQL Injection. SQL injection allows attackers to obtain unrestricted access to the databases and potentially collecting sensitive information from databases. This research randomly tested several websites such as government, schools, and other commercial websites with several techniques of SQL injection attack. Testing was carried out on ten websites randomly by looking for gaps to test security using the SQL injection attack. The results of testing conducted 80% of the websites tested have a weakness against SQL injection attacks. Based on this research, SQL injection is still the most prevalent threat for web applications. Further research can explain detailed information about SQL injection with specific techniques and how to prevent this attack. |
first_indexed | 2024-04-10T05:47:05Z |
format | Article |
id | doaj.art-05553336a06d4cfcba6d40ff7997f756 |
institution | Directory Open Access Journal |
issn | 2549-9610 2549-9904 |
language | English |
last_indexed | 2024-04-10T05:47:05Z |
publishDate | 2021-09-01 |
publisher | Politeknik Negeri Padang |
record_format | Article |
series | JOIV: International Journal on Informatics Visualization |
spelling | doaj.art-05553336a06d4cfcba6d40ff7997f7562023-03-05T10:30:14ZengPoliteknik Negeri PadangJOIV: International Journal on Informatics Visualization2549-96102549-99042021-09-015332032610.30630/joiv.5.3.470285Web Application Penetration Testing Using SQL Injection AttackAlde Alanda0Deni Satria1M.Isthofa Ardhana2Andi Ahmad Dahlan3Hanriyawan Adnan Mooduto4Department of Information Technology, Politeknik Negeri Padang, Padang, West Sumatera, IndonesiaDepartment of Information Technology, Politeknik Negeri Padang, Padang, West Sumatera, IndonesiaDepartment of Information Technology, Politeknik Negeri Padang, Padang, West Sumatera, IndonesiaDepartment of Electronics Engineering, Politeknik Negeri Padang, Padang, West Sumatera, IndonesiaDepartment of Information Technology, Politeknik Negeri Padang, Padang, West Sumatera, IndonesiaA web application is a very important requirement in the information and digitalization era. With the increasing use of the internet and the growing number of web applications, every web application requires an adequate security level to store information safely and avoid cyber attacks. Web applications go through rapid development phases with short turnaround times, challenging to eliminate vulnerabilities. The vulnerability on the web application can be analyzed using the penetration testing method. This research uses penetration testing with the black-box method to test web application security based on the list of most attacks on the Open Web Application Security Project (OWASP), namely SQL Injection. SQL injection allows attackers to obtain unrestricted access to the databases and potentially collecting sensitive information from databases. This research randomly tested several websites such as government, schools, and other commercial websites with several techniques of SQL injection attack. Testing was carried out on ten websites randomly by looking for gaps to test security using the SQL injection attack. The results of testing conducted 80% of the websites tested have a weakness against SQL injection attacks. Based on this research, SQL injection is still the most prevalent threat for web applications. Further research can explain detailed information about SQL injection with specific techniques and how to prevent this attack.https://joiv.org/index.php/joiv/article/view/470penetration testingcybersecuritywebsiteinformation securitysql injection. |
spellingShingle | Alde Alanda Deni Satria M.Isthofa Ardhana Andi Ahmad Dahlan Hanriyawan Adnan Mooduto Web Application Penetration Testing Using SQL Injection Attack JOIV: International Journal on Informatics Visualization penetration testing cybersecurity website information security sql injection. |
title | Web Application Penetration Testing Using SQL Injection Attack |
title_full | Web Application Penetration Testing Using SQL Injection Attack |
title_fullStr | Web Application Penetration Testing Using SQL Injection Attack |
title_full_unstemmed | Web Application Penetration Testing Using SQL Injection Attack |
title_short | Web Application Penetration Testing Using SQL Injection Attack |
title_sort | web application penetration testing using sql injection attack |
topic | penetration testing cybersecurity website information security sql injection. |
url | https://joiv.org/index.php/joiv/article/view/470 |
work_keys_str_mv | AT aldealanda webapplicationpenetrationtestingusingsqlinjectionattack AT denisatria webapplicationpenetrationtestingusingsqlinjectionattack AT misthofaardhana webapplicationpenetrationtestingusingsqlinjectionattack AT andiahmaddahlan webapplicationpenetrationtestingusingsqlinjectionattack AT hanriyawanadnanmooduto webapplicationpenetrationtestingusingsqlinjectionattack |