Teknik Uji Penetrasi Web Server Menggunakan SQL Injection dengan SQLmap di Kalilinux

Rudi Hermawan(1*)

(1) Universitas Indraprasta PGRI
(*) Corresponding Author

Abstract


In recent years, cyber attacks targeting website security have increased. The most widely used website hacking threat is SQL injection. Using the sqlmap tool, which runs on the Kali Linux operating system, attackers can easily take over very important user authentication data, including passwords. Using only special SQL query scripts, run through the Python programming language, attackers force the web server to output database information, tables, columns and data contents. The SQL injection technique is not difficult, and knowing how it works is expected to help web admins and web application developers secure user access against attackers. This attack simulation uses virtual machines: two virtual computers are created and set up as the attacker and the target server. Testing through this simulation shows how the attack proceeds and what its consequences are.


Keywords


hacking; sql injection; sqlmap; kalilinux; web; virtual machine

DOI: http://dx.doi.org/10.30998/string.v6i2.11477


Copyright (c) 2021 Rudi Hermawan

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

 
