Pengembangan Engine Web Crawler Sebagai Pencari Jejak Serangan Cyber Stored Cross-Site Scripting

  • Ilham Yoga Prabhaswara Program Studi Teknologi Informasi, Fakultas Teknik, Universitas Udayana
  • I Made Agus Dwi Suarjaya Program Studi Teknologi Informasi, Fakultas Teknik, Universitas Udayana
  • Ni Kadek Dwi Rusjayanthi Program Studi Teknologi Informasi, Fakultas Teknik, Universitas Udayana

Abstract

Cross-site Scripting (XSS) vulnerability has long been a concern in web application security and is included in the OWASP Top 10 list. In 2017, XSS ranked 6th, but in 2021, it rose to the 4th position in the Injection category. This vulnerability exploits poorly validated input forms. This study aims to identify web pages that are vulnerable to Stored Cross-site Scripting attacks. The research is conducted by performing a search at three levels of depth. Web scraping is used to extract data from web pages, and the source code of the web pages is compared to Stored Cross-site Scripting attack patterns using the Knuth-Morris-Pratt algorithm. The results of the study indicate that some web pages exhibit detected attack patterns and traces of attacks, while others only show attack patterns without visible traces of attacks. Based on manual analysis of 56 randomly selected data from the research, it was found that 5 web pages had true positive values, indicating the presence of attack patterns and traces of attacks. Meanwhile, 49 other web pages had true negative values, where attack patterns were detected but no traces of attacks were found. This research provides insights into web pages vulnerable to Stored Cross-site Scripting attacks. The findings can be used to enhance web application security and reduce the potential for Cross-site Scripting attacks in the future.

Published
2023-07-19
How to Cite
PRABHASWARA, Ilham Yoga; SUARJAYA, I Made Agus Dwi; RUSJAYANTHI, Ni Kadek Dwi. Pengembangan Engine Web Crawler Sebagai Pencari Jejak Serangan Cyber Stored Cross-Site Scripting. JITTER : Jurnal Ilmiah Teknologi dan Komputer, [S.l.], v. 4, n. 2, p. 1880-1890, july 2023. ISSN 2747-1233. Available at: <https://ojs.unud.ac.id/index.php/jitter/article/view/104690>. Date accessed: 21 nov. 2024. doi: https://doi.org/10.24843/JTRTI.2023.v04.i02.p20.

Most read articles by the same author(s)

Obs.: This plugin requires at least one statistics/report plugin to be enabled. If your statistics plugins provide more than one metric then please also select a main metric on the admin's site settings page and/or on the journal manager's settings pages.