Paper - Akbar Rosyidi - 20220130008
Akbar Rosyidi, IT Application Support Officer, PT Valista Indonesia, Jakarta, Indonesia, ahmad.saybu@valista.co.id
Abstract— The rapid development of technology in recent years has made everyday activities and work easier, including access to news and information. One of the media most often used to find information today is the website, and many websites are now the target of cyber-attacks. A system is therefore needed that can protect websites and offer solutions for website security. This paper explains how the Web Application Firewall method can serve as a security system that protects a website from cyber-attacks. The method is implemented by configuring rules in ModSecurity, so that SQL Injection attacks are blocked when they reach a website that has the Web Application Firewall installed.

Keywords— Web Application Firewall, Security, Website, Cyber-Attack, SQL Injection

I. INTRODUCTION

With the rapid development of information technology in recent years, activities and work have become easier, including accessing news and information. One of the media most often used to find information today is the website. A website or site can be understood as a collection of pages that display information as text, still or moving images, animation, sound, video or a combination of all of these, both static and dynamic, forming a series of interrelated pages each connected to the network [1]. A website is an application stored on a web server and executed by that web server. The web server receives requests for web pages via HTTP or HTTPS from user agents known as web browsers and sends back a response, generally in the form of HTML documents [2].

As website technology has developed and become popular among the general public, the large number of websites in existence has made them frequent targets of various web attacks by users with malicious intent [3], because websites store important user data, such as personal data, whose misuse can be fatal.

There are many types of attacks aimed at websites, commonly known as cyber-attacks, including data theft, defacement, malware attacks, cyber terrorism, illegal content and others. Of these, the most detrimental are attacks that aim to steal data.

Of the many data theft methods attackers use to penetrate website security, one of the most popular is SQL Injection. According to Akamai, as reported by www.cbronline.com in 2017, SQL injection was the most common cyber-attack, accounting for almost 44% of cases [4]. According to J. Clarke's 2012 book "SQL Injection Attacks and Defense" [5], a SQL injection attack is a type of injection attack on a web application in which the attacker is able to execute dangerous SQL statements. According to the Open Web Application Security Project (OWASP), SQL injection is a technique often used by attackers to break into websites illegally: the attacker sends SQL commands via the URL, which the web application passes on to its database, where they are executed. Injection is included in OWASP's ten most critical web application security risks [6]. As a recent real-world example, the site www.liputan6.com reported that a group of hackers from Surabaya broke into hundreds of overseas websites in 44 countries using SQL injection techniques [7]. Additionally, according to a 2018 report from Imperva, the largest share of website vulnerabilities was SQL injection, at 19% or 3,294 cases of the total number of attacks recorded, a rapid increase from only 896 cases the previous year [8]. From this information it is clear that SQL injection remains a problem that has not been resolved optimally and still requires special handling. SQL injection is also known to have several different attack types [9], including Tautology-Based, Illegal/Logically Incorrect Queries, Stored Procedure Injection, Piggy-Backed Queries, Union-Based, Error-Based and, finally, Blind SQL Injection.

In this paper the author analyzes the Web Application Firewall method. A Web Application Firewall [10] can be used as a system that prevents and detects online attacks on websites, using detection rules to block access (blacklist) for attackers who carry out attacks against websites that have a Web Application Firewall installed.
II. LITERATURE STUDY

A. Web Application Firewall

A Web Application Firewall (WAF) filters, monitors and blocks HTTP traffic to and from web applications. A WAF differs from an ordinary firewall in that it inspects the content of traffic to specific web applications, whereas an ordinary firewall acts as a security gate between servers. By inspecting HTTP traffic, a WAF can prevent attacks that exploit web application vulnerabilities such as SQL Injection, cross-site scripting (XSS), file inclusion and security misconfiguration [11].

The main benefit of a WAF is complete and productive protection of web applications at the application layer without changing the application itself. A WAF also provides proactive security mechanisms such as URL encryption or site usage enforcement, which reduce the attack surface with minimal effort. In addition, the use of a WAF increases the security of web applications against external attacks [12]. A WAF has an advantage over a traditional firewall in that it offers greater visibility into the sensitive application data carried at the HTTP application layer, and it can prevent application-layer attacks that usually bypass network firewalls, including:
- Cross-site scripting (XSS) attacks, which allow attackers to inject and execute malicious scripts in other users' browsers.
- Structured Query Language (SQL) Injection attacks, in which attackers access and modify sensitive data in applications that use SQL databases.
- Web session hijacking, which allows attackers to steal session IDs and impersonate authorized users. The session ID is usually stored in a cookie or in the Uniform Resource Locator (URL).
- Distributed Denial of Service (DDoS) attacks, which flood the network with traffic so that servers are paralyzed and unable to serve requests.
- Layer 7 DoS attacks, which flood the web server with recursive application activity.
- Buffer overflow, in which user input overwrites code or data in memory.
- Cookie poisoning, in which parameter values stored in cookies are modified to corrupt data passed between web pages.

B. ModSecurity

ModSecurity is an open-source web application firewall (WAF). Originally designed as a module for the Apache HTTP server, it has evolved to provide a variety of HTTP request and response filtering capabilities, along with other security features, across a number of platforms including the Apache HTTP server, Microsoft IIS and Nginx.

It is free software released under the Apache 2.0 license. The platform provides configuration rules known as 'SecRules' for real-time monitoring, logging and filtering of HTTP communications based on user-defined rules. ModSecurity is most commonly used to protect against a common class of vulnerabilities using the OWASP ModSecurity Core Rule Set (CRS), an open-source set of rules written in ModSecurity's SecRules language. To detect threats, ModSecurity must be installed on the web server itself or on a proxy server in front of the web application, which allows the engine to scan incoming and outgoing HTTP communications to the endpoint. Depending on the rule configuration, the engine decides how each communication should be handled, which includes the ability to forward, drop, redirect, return a given status code, run user scripts and more.

III. RESEARCH METHODOLOGY

The data were collected by directly reviewing the case study in which the research was carried out.

IV. DISCUSSION

Observing and testing the ability of a Web Application Firewall to deal with cyber-attacks requires a test environment consisting of the software and hardware on which the system is designed.

Tools

First, all the tools needed to support the observation must be prepared, as follows:

Figure 2. Hardware
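As an added example, not the paper's own configuration and not ModSecurity code, the block below models the rule evaluation described in Section II.B: each rule applies a regular expression (ModSecurity's @rx operator) to every request argument and adds anomaly points, and the request is denied once the inbound score reaches a threshold, which is how the Core Rule Set's anomaly scoring works. The rule ids, patterns, threshold, log wording and sample requests are assumptions made for this example; the commented SecRule lines show how each rule would be written in the ModSecurity configuration of the paper's Apache server.

```python
"""Added example (not the paper's code, not ModSecurity itself): a small model
of SecRules evaluation with CRS-style anomaly scoring over request arguments.
Rule ids, patterns, threshold and sample requests are constructed."""
import re
from dataclasses import dataclass
from urllib.parse import parse_qsl, urlencode, urlsplit


@dataclass(frozen=True)
class Rule:
    rule_id: int          # ids 1-99,999 are reserved for local rules in ModSecurity
    msg: str
    pattern: re.Pattern   # the "@rx" operator's regular expression
    score: int            # anomaly points, like setvar:tx.anomaly_score=+5 in CRS


RULES = [
    # SecRule ARGS "@rx (?i)\b(?:or|and)\b\s*['\"]?\w+['\"]?\s*=\s*['\"]?\w+" \
    #   "id:10001,phase:2,pass,log,msg:'SQLi tautology',setvar:tx.anomaly_score=+5"
    Rule(10001, "SQLi tautology (x=x after OR/AND)",
         re.compile(r"(?i)\b(?:or|and)\b\s*['\"]?\w+['\"]?\s*=\s*['\"]?\w+"), 5),
    # SecRule ARGS "@rx (?i)\bunion\b\s+(?:all\s+)?select\b" \
    #   "id:10002,phase:2,pass,log,msg:'SQLi UNION SELECT',setvar:tx.anomaly_score=+5"
    Rule(10002, "SQLi UNION SELECT",
         re.compile(r"(?i)\bunion\b\s+(?:all\s+)?select\b"), 5),
    # SecRule ARGS "@rx (?:--|/\*|;)" \
    #   "id:10003,phase:2,pass,log,msg:'SQL comment or stacked query',setvar:tx.anomaly_score=+3"
    Rule(10003, "SQL comment or statement terminator",
         re.compile(r"(?:--|/\*|;)"), 3),
]

# SecRule TX:ANOMALY_SCORE "@ge 5" \
#   "id:10099,phase:2,deny,status:403,log,msg:'Inbound anomaly score exceeded'"
BLOCK_THRESHOLD = 5


def inspect_request(url: str) -> dict:
    """Phase-2 style inspection: every ARGS value is tested against every rule,
    scores are summed, and the request is denied once the threshold is reached."""
    args = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    matches, score = [], 0
    for name, value in args:
        for rule in RULES:
            if rule.pattern.search(value):
                matches.append((rule.rule_id, f"ARGS:{name}"))
                score += rule.score
    status = 403 if score >= BLOCK_THRESHOLD else 200
    return {"status": status, "score": score, "matches": matches}


def log_lines(url: str) -> list:
    """Audit entries in the spirit of ModSecurity's error-log format (approximate)."""
    result = inspect_request(url)
    lines = []
    for rule_id, target in result["matches"]:
        rule = next(r for r in RULES if r.rule_id == rule_id)
        lines.append(f'ModSecurity: Warning. Pattern match at {target}. '
                     f'[id "{rule_id}"] [msg "{rule.msg}"]')
    if result["status"] == 403:
        lines.append(f'ModSecurity: Access denied with code 403 (phase 2). '
                     f'Inbound anomaly score {result["score"]} >= {BLOCK_THRESHOLD}')
    return lines


def request_url(path: str, **params) -> str:
    return f"http://example.test/{path}?" + urlencode(params)


# Constructed sample requests.
SAMPLES = {
    "legit": request_url("profile.php", user="alice"),
    "tautology": request_url("profile.php", user="' OR '1'='1"),
    "union": request_url("profile.php", user="' UNION SELECT id, password FROM users--"),
    "semicolon_only": request_url("search.php", q="red;blue"),  # 3 points: logged, not blocked
    "false_positive": request_url("search.php", q="ham and eggs = breakfast"),  # benign, matches 10001
}


if __name__ == "__main__":
    for label, url in SAMPLES.items():
        print(label, inspect_request(url))
        for line in log_lines(url):
            print("   ", line)
```

The tautology and UNION payloads from the introduction are denied with a 403, the UNION request scoring on two rules, while a lone semicolon in a search term is only logged. The last sample shows the cost of the approach: ordinary text with "and ... = ..." trips the tautology rule and is blocked too. This trade-off between detection and false positives is what CRS paranoia levels adjust, and it is the subject of [9]; in practice a new rule set is first run in DetectionOnly mode and tuned against the audit log before SecRuleEngine is switched to On.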
Figure 3. Tools

System Configuration
1. Apache2 Configuration
2. MySQL Configuration
3. phpMyAdmin Configuration
4. PHP Configuration
5. WAF ModSecurity Configuration
6. ModSecurity Rules Configuration

Testing

Testing is carried out in two stages: in the first stage the website is accessed before a Web Application Firewall has been implemented on it, and in the second stage the website is accessed after the Web Application Firewall has been implemented.

V. RESULTS

From the testing and analysis of the use of the Web Application Firewall on the website, several findings were obtained. Using the ModSecurity Web Application Firewall increases the loading time of the website's pages, because the Web Application Firewall, as a security system, inspects every incoming request before forwarding it to the website; for this reason, pages requested by users take longer to load than usual. However, the average HTTP load time does not significantly affect the performance of websites that have a Web Application Firewall embedded.

VI. REFERENCES

[1] D. Puspita and S. Aminah, "Sistem Informasi Manajemen Kewirausahaan Pedesaan Berbasis Web Multimedia," JUSIM (Jurnal Sistem Informasi Musirawas), vol. 3, no. 2, pp. 80–87, 2018.
[2] B. Raharjo, I. Heryanto, and K. ER, Modul Pemrograman Web (HTML, PHP, MySQL), 2nd rev. ed. Bandung: Modula, 2014.
[3] S. Latha and S. J. Prakash, "A survey on network attacks and intrusion detection systems," in Proc. 4th Int. Conf. Advanced Computing and Communication Systems (ICACCS), 2017, doi: 10.1109/ICACCS.2017.8014614.
[4] D. Aulia, "Studi keamanan sistem informasi berbasis," pp. 26–37, 2017.
[5] J. Clarke, SQL Injection Attacks and Defense, 2nd ed. United Kingdom: Syngress, 2012.
[6] V. Dehalwar, A. Kalam, M. L. Kolhe, and A. Zayegh, "OWASP Top 10 - 2017, The Ten Most Critical Web Application Security Risks," 2018, doi: 10.1109/ICPES.2017.8387407.
[7] A. M. Damar, "Polisi Ringkus Hacker Surabaya yang Bobol 44 Negara," 2018.
[8] N. Avital, "The State of Web Application Vulnerabilities in 2018," 2018.
[9] J. J. Singh, H. Samuel, and P. Zavarsky, "Impact of paranoia levels on the effectiveness of the ModSecurity web application firewall," in Proc. 2018 1st Int. Conf. Data Intelligence and Security (ICDIS), pp. 141–144, 2018, doi: 10.1109/ICDIS.2018.00030.
[10] V. Clincy and H. Shahriar, "Web Application Firewall: Network Security Models and Configuration," in Proc. IEEE Int. Computer Software and Applications Conf. (COMPSAC), vol. 1, pp. 835–836, 2018, doi: 10.1109/COMPSAC.2018.00144.
[11] M. Rouse, "Definition: Web Application Firewall (WAF)," 2019.
[12] M. Dermann, M. Dziadzka, B. Hemkemeier, A. Hoffmann, A. Meisel, M. Rohr, and T. Schreiber, "Best Practices: Use of Web Application Firewalls," OWASP German Chapter, 2008.