Articles

Found 24 Documents

Implementation of a Monitoring Dashboard for SQL Injection Vulnerability Testing in a GitLab Environment
Azhar, Muhammad Fahmi Al; Harwahyu, Ruki
Smart Comp: Jurnalnya Orang Pintar Komputer Vol 12, No 3 (2023): Smart Comp: Jurnalnya Orang Pintar Komputer
Publisher : Politeknik Harapan Bersama

DOI: 10.30591/smartcomp.v12i3.5492

Abstract

SQL Injection remains one of the vulnerability types most frequently found in web-based applications. Applications must be tested as thoroughly as possible before release to production so that this vulnerability does not appear once the application is released to production. One type of testing that must be performed is Static Application Security Testing (SAST). SAST works by scanning and analyzing all of the source code in a project to check for logic errors and specific types of vulnerabilities. On the GitLab platform, this testing can be performed automatically. However, the results of the SAST testing cannot be viewed directly through the GitLab platform. Given this condition, a monitoring dashboard application is needed that can be accessed by the development team and the IT operations team. Using this dashboard, programmers can find out which parts of the source code contain SQL Injection vulnerabilities. The dashboard was built with the PHP framework CodeIgniter 4 and a MySQL database.
Analysis and Verification of the Cryptographic Protocols of a Key Management Application Using Scyther: A Case Study of Application XYZ
Nurdiyanto, Indra Dimas; Harwahyu, Ruki
Smart Comp: Jurnalnya Orang Pintar Komputer Vol 12, No 2 (2023): Smart Comp: Jurnalnya Orang Pintar Komputer
Publisher : Politeknik Harapan Bersama

DOI: 10.30591/smartcomp.v12i2.5293

Abstract

The growing number of threats and attacks resulting in data leaks in Indonesia goes hand in hand with the rapid development of technology and information. In response to this challenge, agency ABC developed application XYZ as one solution for securing data and information. Therefore, to ensure the application's ability to provide security guarantees to its users, this study analyzes and verifies the security of the cryptographic protocols of application XYZ. The analysis and verification are carried out through a formal verification approach using the Scyther tool, focusing on the protocols for user verification, key generation, and key requests for the encryption-decryption process. The results of the analysis show that these protocols satisfy the secrecy criterion for the confidential information transmitted but have weaknesses in the authentication aspect. Applying a shared secret and a series of cryptographic nonces is shown to overcome the weaknesses in the user verification protocol of application XYZ.
A Tamper-Evident Audit Logging Framework for Decentralized Single Sign-On: Prototype Design and Evaluation in Education-Oriented Digital Services
Yufan Amri; Ruki Harwahyu
Journal of Vocational, Informatics and Computer Education Vol 4, No 1 (2026): March 2026
Publisher : Academic Bright Collaboration

DOI: 10.66053/voice.v4i1.479

Abstract

Purpose – This study aims to design, implement, and evaluate a prototype framework for tamper-evident audit logging in a decentralized single sign-on environment for education-oriented digital services. It addresses the risk that detailed authentication and session records remain stored in mutable off-chain systems, while storing complete audit data on-chain may increase costs and privacy exposure. Methods – The study adopted an artifact-based prototype design and evaluation approach. The prototype combined PostgreSQL-based off-chain audit storage, deterministic snapshot construction, canonical JSON serialization, SHA-256 hashing, Merkle root generation, and blockchain anchoring through the AuditAnchor smart contract on the Polygon Amoy testnet. The evaluation was conducted in a controlled prototype environment through tamper-detection testing, latency benchmarking, snapshot and proof performance measurements, storage-growth observations, and anchoring cost analysis. Findings – Post-anchoring record modification, deletion, and insertion consistently produce root mismatches. Across the evaluated workloads, snapshot construction remained below 0.4 s for up to 5,000 records, proof verification remained lightweight, and anchoring consumed 49,953 gas per transaction under the tested setup. Research implications – The prototype suggests that education-oriented multi-service environments may benefit from keeping detailed audit data off-chain while anchoring compact integrity commitments on-chain to support audit reviews, cross-service access tracing, and post-incident verifications. Originality – This study contributes a prototype-level integration of decentralized SSO, deterministic off-chain audit snapshots, and on-chain Merkle-root anchoring for audit verification.
Integrating the DeepSeek-R1 model as an analytical assistant in digital forensic investigations of corruption cases
Hafni Ferdian; Ruki Harwahyu
Integritas: Jurnal Antikorupsi Vol 11 No 2 (2025): INTEGRITAS: Jurnal Antikorupsi
Publisher : Komisi Pemberantasan Korupsi

DOI: 10.32697/integritas.v11i2.1557

Abstract

This article examines the integration of the DeepSeek-R1 large language model as an analytical assistant in digital forensic investigations, particularly in corruption cases. The growing volume of digital evidence often leads to substantial analysis backlogs that can extend for months or even years, thereby hindering law enforcement efforts [1]. The use of Artificial Intelligence (AI) and Large Language Models (LLMs) offers the potential to improve investigative efficiency by reducing the burden of processing massive datasets. DeepSeek-R1 is a newly released open-source LLM with advanced reasoning capabilities, achieving performance comparable to state-of-the-art models developed by OpenAI. This study outlines the role of DeepSeek-R1 in supporting digital forensic workflows—from tracing electronic evidence and analyzing data relationships to generating preliminary investigative reports. The methodology includes simulated corruption case experiments comparing investigations assisted by DeepSeek-R1 with conventional manual analysis. The results show that DeepSeek-R1 can accelerate the retrieval of relevant information and produce concise summaries rapidly, significantly reducing analysis time. However, the model remains prone to factual errors (hallucinations) and biases, making human validation by investigators essential. With proper risk mitigation and oversight, integrating DeepSeek-R1 has the potential to significantly enhance the effectiveness of digital forensic investigations in combating corruption.