DETECTION OF SQL INJECTION VULNERABILITY IN CODEIGNITER FRAMEWORK USING STATIC ANALYSIS
QL Injection attacks are still one type of attack that often occurs in web-based applications. The causes and ways to prevent SQL Injection have been widely explained in various sources. Unfortunately, until now, SQL Injection vulnerabilities are still often found in multiple applications....
Main Authors: | , |
---|---|
Format: | Article |
Language: | Indonesian |
Published: |
Universitas Muhammadiyah Ponorogo
2023-07-01
|
Series: | Multitek Indonesia |
Subjects: | |
Online Access: | https://journal.umpo.ac.id/index.php/multitek/article/view/7267/2759 |
_version_ | 1797671382008463360 |
---|---|
author | Muhammad Fahmi Al Azhar Ruki Harwahyu |
author_facet | Muhammad Fahmi Al Azhar Ruki Harwahyu |
author_sort | Muhammad Fahmi Al Azhar |
collection | DOAJ |
description | QL Injection attacks are still one type of attack that often occurs in web-based applications. The causes and ways to prevent SQL Injection have been widely explained in various sources. Unfortunately, until now, SQL Injection vulnerabilities are still often found in multiple applications. Web-based application frameworks that already have functions to protect against attacks are often not used optimally. This is inseparable from the role of programmers, who often forget the rules for writing program code to prevent SQL Injection attacks. We conducted this research to detectSQL Injection vulnerabilities in source code using a case study of the PHP CodeIgniter framework. We compared this research with static analysis tools like RIPS, Synopsys Coverity, and Sonarqube. The tool we have developed can detect SQL Injection vulnerabilities that cannot be detected by the two tools with an accuracy of 88.8%. The results of our research can provide suggestions for programmers so that they can improve the code they write. |
first_indexed | 2024-03-11T21:14:42Z |
format | Article |
id | doaj.art-2cab02ad6ccb4214b083baf1f46d2956 |
institution | Directory Open Access Journal |
issn | 1907-6223 2579-3497 |
language | Indonesian |
last_indexed | 2024-03-11T21:14:42Z |
publishDate | 2023-07-01 |
publisher | Universitas Muhammadiyah Ponorogo |
record_format | Article |
series | Multitek Indonesia |
spelling | doaj.art-2cab02ad6ccb4214b083baf1f46d29562023-09-29T04:45:25ZindUniversitas Muhammadiyah PonorogoMultitek Indonesia1907-62232579-34972023-07-01171697810.24269/mtkind.v17i1.7267DETECTION OF SQL INJECTION VULNERABILITY IN CODEIGNITER FRAMEWORK USING STATIC ANALYSISMuhammad Fahmi Al Azhar0 Ruki Harwahyu1Universitas Indonesia, IndonesiaUniversitas Indonesia, IndonesiaQL Injection attacks are still one type of attack that often occurs in web-based applications. The causes and ways to prevent SQL Injection have been widely explained in various sources. Unfortunately, until now, SQL Injection vulnerabilities are still often found in multiple applications. Web-based application frameworks that already have functions to protect against attacks are often not used optimally. This is inseparable from the role of programmers, who often forget the rules for writing program code to prevent SQL Injection attacks. We conducted this research to detectSQL Injection vulnerabilities in source code using a case study of the PHP CodeIgniter framework. We compared this research with static analysis tools like RIPS, Synopsys Coverity, and Sonarqube. The tool we have developed can detect SQL Injection vulnerabilities that cannot be detected by the two tools with an accuracy of 88.8%. The results of our research can provide suggestions for programmers so that they can improve the code they write.https://journal.umpo.ac.id/index.php/multitek/article/view/7267/2759static analysissql injectionphpcodeigniter |
spellingShingle | Muhammad Fahmi Al Azhar Ruki Harwahyu DETECTION OF SQL INJECTION VULNERABILITY IN CODEIGNITER FRAMEWORK USING STATIC ANALYSIS Multitek Indonesia static analysis sql injection php codeigniter |
title | DETECTION OF SQL INJECTION VULNERABILITY IN CODEIGNITER FRAMEWORK USING STATIC ANALYSIS |
title_full | DETECTION OF SQL INJECTION VULNERABILITY IN CODEIGNITER FRAMEWORK USING STATIC ANALYSIS |
title_fullStr | DETECTION OF SQL INJECTION VULNERABILITY IN CODEIGNITER FRAMEWORK USING STATIC ANALYSIS |
title_full_unstemmed | DETECTION OF SQL INJECTION VULNERABILITY IN CODEIGNITER FRAMEWORK USING STATIC ANALYSIS |
title_short | DETECTION OF SQL INJECTION VULNERABILITY IN CODEIGNITER FRAMEWORK USING STATIC ANALYSIS |
title_sort | detection of sql injection vulnerability in codeigniter framework using static analysis |
topic | static analysis sql injection php codeigniter |
url | https://journal.umpo.ac.id/index.php/multitek/article/view/7267/2759 |
work_keys_str_mv | AT muhammadfahmialazhar detectionofsqlinjectionvulnerabilityincodeigniterframeworkusingstaticanalysis AT rukiharwahyu detectionofsqlinjectionvulnerabilityincodeigniterframeworkusingstaticanalysis |