Security Testing of Web-Based Application Back End Using Black Box Testing Method

Authors

  • Abd. Wahab Syahroni Universitas Madura
  • Nindian Puspa Dewi Universitas Madura
  • Nilam Ramadhani Universitas Madura
  • Ubaidi Universitas Madura
  • Badar Said Universitas Madura

DOI:

https://doi.org/10.33998/processor.2024.19.2.1752

Keywords:

Application security, REST API, Authentication, Authorization, Black Box Testing

Abstract

Application security is often overlooked during the development phase and even after the application is deployed. However, without proper security measures, even the most advanced technologies can lead to significant losses, such as unauthorized data access and potential data loss due to deletion actions. Developing applications using the REST API architecture allows users to access backend endpoints from outside the application, so attention must be given not only to authentication but also to authorization issues. Based on the results of testing the SILAB application using the Black Box Testing method, it can be concluded that the SILAB application still needs improvements in backend security, particularly in terms of authorization. This indicates that there are still vulnerabilities and threats that could potentially compromise the data in the SILAB application.

Downloads

Download data is not yet available.

References

A. W. Syahroni, M. T. Supratman, N. Ramadhani, B. Said, and N. P. Dewi, “Analisis Sentimen Komentar Mahasiswa Terhadap Dosen Pengampu Matakuliah pada Aplikasi SIMAT,” J. Process., vol. 18, no. 2, pp. 209–217, 2023.

S. Steven, W. Rifaldi, and U. Nugraha, “Strategi Pengamanan Front-end dalam Pengembangan Website,” JUSTINFO | J. Sist. Inf. dan Teknol. Inf., vol. 1, no. 1, pp. 42–53, 2023.

R. C. Saputra and Y. D. Setianto, “Web Service Security System Analysis with Rest Architecture Using The Aes Method with JWT,” Praxis (Bern. 1994)., vol. 3, no. 1, p. 76, 2020.

J. S. Utama and A. D. Indriyanti, “Pengamanan Restful API Web Service Menggunakan Json Web Token (Studi Kasus: Aplikasi Siakadu Mobile Unesa),” J. Emerg. Inf. …, vol. 04, no. 01, pp. 8–17, 2023.

D. V. Kornienko, S. V. Mishina, and M. O. Melnikov, “The Single Page Application architecture when developing secure Web services,” J. Phys. Conf. Ser., vol. 2091, no. 1, pp. 0–12, 2021.

A. Bastian, H. Sujadi, and L. Abror, “Analisis Keamanan Aplikasi Data Pokok Pendidikan (Dapodik) Menggunakan Penetration Testing Dan Sql Injection,” INFOTECH J., vol. 6, no. 2, pp. 65–70, 2020.

R. Haddad and R. E. Malki, “OpenAPI Specification Extended Security Scheme: A method to reduce the prevalence of Broken Object Level Authorization,” arXiv Prepr. arXiv2212.06606, no. Idl, pp. 1–10, 2022.

I. G. N. Ady Kusuma, “Perancangan Simple Stateless Autentikasi Dan Otorisasi Layanan Rest-Api Berbasis Protokol Http,” J. Manaj. Inform. dan Sist. Inf., vol. 4, no. 1, p. 78, 2021.

P. Painem and H. Soetanto, “Sistem Presensi Pegawai Berbasis Web Service Menggunakan Metode Restfull Dengan Keamanan JWT Dan Algoritma Haversine,” Fountain Informatics J., vol. 5, no. 3, p. 6, 2020.

A. Rahmatulloh, H. Sulastri, and R. Nugroho, “Keamanan RESTful Web Service Menggunakan JSON Web Token (JWT) HMAC SHA-512,” J. Nas. Tek. Elektro dan Teknol. Inf., vol. 7, no. 2, 2018.

E. Edy, F. Ferdiansyah, W. Pramusinto, and S. Waluyo, “Pengamanan Restful API menggunakan JWT untuk Aplikasi Sales Order,” J. RESTI (Rekayasa Sist. dan Teknol. Informasi), vol. 3, no. 2, pp. 106–112, 2019.

I. P. A. Eka Pratama, “Pengujian Performansi Lima Back-End JavaScript Framework Menggunakan Metode GET dan POST,” J. RESTI (Rekayasa Sist. dan Teknol. Informasi), vol. 4, no. 6, 2020.

Uminingsih, M. Nur Ichsanudin, M. Yusuf, and S. Suraya, “Pengujian Fungsional Perangkat Lunak Sistem Informasi Perpustakaan Dengan Metode Black Box Testing Bagi Pemula,” STORAGE J. Ilm. Tek. dan Ilmu Komput., vol. 1, no. 2, pp. 1–8, 2022.

T. A. Nugroho et al., “Keamanan Berbasis Service Oriented Architecture Menggunakan Oauth 2.0 dan Json Web Token,” IJESPG J., vol. 1, no. 3, pp. 229–236, 2023.

H. Prasetyo and U. Nugraha, “Optimasi Keamanan dalam Pengembangan Aplikasi Menggunakan Metode Agile Scrum dan JSON Web Token,” JUSTINFO | J. Sist. Inf. dan Teknol. Inf., vol. 1, no. 1, pp. 34–41, 2023.

A. Umarjati and A. Wibowo, “Implementasi JWT pada Aplikasi Presensi dengan Validasi Fingerprint ,” J. RESTI (Rekayasa Sist. dan Teknol. Informasi), vol. 1, no. 10, pp. 1085–1091, 2021.

E. Gunadhi and A. P. Nugraha, “Penerapan Kriptografi Base64 Untuk Keamanan URL (Uniform Resource Locator) Website Dari Serangan SQL Injection,” J. Algoritm., vol. 13, no. 2, pp. 391–398, 2017.

Downloads

Published

2024-10-31

Abstract views:

25

PDF Download:

19

DOI:

10.33998/processor.2024.19.2.1752

Dimension Badge:

How to Cite

Abd. Wahab Syahroni, Nindian Puspa Dewi, Nilam Ramadhani, Ubaidi, & Badar Said. (2024). Security Testing of Web-Based Application Back End Using Black Box Testing Method. Jurnal PROCESSOR, 19(2). https://doi.org/10.33998/processor.2024.19.2.1752