Security Analysis of the E-Pinter Website against SQL Injection and XSS Attacks
DOI: https://doi.org/10.55606/jupti.v4i3.5234
Keywords: Cross-Site Scripting, Penetration Testing, Security, SQL Injection, Website
Abstract
Website security is a crucial aspect of ensuring data integrity, confidentiality, and availability, especially in the face of increasingly sophisticated cyber threats. E-Pinter, a digital licensing service platform, is highly vulnerable to cyberattacks such as SQL Injection and Cross-Site Scripting (XSS), both of which can potentially compromise its system and the sensitive information stored within. This study aims to evaluate the security level of the E-Pinter website against these two types of attacks through a combination of manual and automated penetration testing methods designed to identify existing vulnerabilities. The SQL Injection tests involved inserting various payloads into input parameters to assess whether the database could be manipulated, while the XSS tests were conducted by embedding malicious scripts into unvalidated inputs to determine the likelihood of user interface exploitation. The results revealed several weaknesses that attackers could exploit, potentially leading to data leaks, unauthorized access, and disruptions to system operations. These findings highlight that the E-Pinter platform, as a critical public service system, requires immediate strengthening of its security protocols. As a mitigation effort, the research recommends the implementation of prepared statements to protect against SQL Injection attacks and the use of functions such as htmlspecialchars() to prevent the execution of malicious XSS scripts. Furthermore, it emphasizes the importance of continuous security monitoring, regular penetration testing, and proper input validation as essential practices for sustainable website protection. By adopting these measures, the security of E-Pinter can be significantly enhanced, ensuring the safety of user data, improving public trust in digital government services, and reducing the risk of exploitation in the future, especially as digital transformation accelerates in public administration and service delivery.
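The two mitigations the abstract recommends, prepared statements and htmlspecialchars(), shown as an added PHP example that is not code from the study or from E-Pinter. The `permits` table, its columns, the sample rows and the helper names are constructed for illustration, and PDO with the SQLite driver is assumed.

```php
<?php
// Added example: schema, rows and function names are hypothetical, not E-Pinter's.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE permits (id INTEGER PRIMARY KEY, applicant TEXT, note TEXT)');
$pdo->exec("INSERT INTO permits (applicant, note) VALUES
    ('Budi', 'Izin usaha'), ('Sari', '<script>alert(1)</script>')");

// Before: the input is concatenated into the SQL text, so the database
// parses it as part of the statement.
function findPermitsUnsafe(PDO $pdo, string $applicant): array
{
    $sql = "SELECT id, applicant, note FROM permits WHERE applicant = '$applicant'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// After: prepared statement. The value is bound as data and is never
// parsed as SQL, whatever characters it contains.
function findPermits(PDO $pdo, string $applicant): array
{
    $stmt = $pdo->prepare(
        'SELECT id, applicant, note FROM permits WHERE applicant = :applicant'
    );
    $stmt->execute([':applicant' => $applicant]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Output encoding for HTML text and quoted-attribute contexts.
// ENT_QUOTES also encodes single quotes; the charset is set explicitly.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$input = "x' OR '1'='1"; // constructed test input
printf("unsafe query rows:   %d\n", count(findPermitsUnsafe($pdo, $input)));
printf("prepared query rows: %d\n", count(findPermits($pdo, $input)));

foreach (findPermits($pdo, 'Sari') as $row) {
    // Stored markup is emitted as inert text instead of being executed.
    echo '<td title="' . e($row['applicant']) . '">' . e($row['note']) . "</td>\n";
}
```

htmlspecialchars() is sufficient only for HTML body text and quoted attribute values; data placed inside JavaScript, URLs or CSS needs encoding specific to that context.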
Copyright (c) 2025 Jurnal Publikasi Teknik Informatika

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.