Journal : Jurnal Teknik Informatika (JUTIF)

Analysis of Polyglot Obfuscation Techniques against ModSecurity in Preventing Cross-Site Scripting (XSS) and SQL Injection Attacks with Experimental Method
Authors: Nelmiawati, Nelmiawati; Dealova, Kessy
Jurnal Teknik Informatika (JUTIF) Vol. 6 No. 4 (2025): JUTIF Volume 6, Number 4, August 2025
Publisher : Informatika, Universitas Jenderal Soedirman

DOI: 10.52436/1.jutif.2025.6.4.5000

Abstract

Internet use has increased every year, as shown by the percentage of internet users in Indonesia reaching 79.50% in 2024. However, security cannot be ignored, especially given the growing number of Cross-Site Scripting (XSS) and SQL Injection attacks on web platforms. According to the OWASP Top 10 report, these two attacks were listed in 2017 and appeared again in the 2021 version, showing that they are still relevant today. In fact, in June 2024, XSS and SQL Injection vulnerabilities were found at a company, PT. XYZ. One way to mitigate these attacks is to use a Web Application Firewall (WAF) such as ModSecurity, which can protect websites from exploitation. However, previous research found that older versions of ModSecurity had weaknesses that could be bypassed with simple obfuscation techniques. This study aims to analyze the effectiveness of the built-in rules in the ModSecurity Core Rule Set (CRS) version 4.7 in handling XSS and SQL Injection payloads with polyglot obfuscation, a method that uses complex character encoding to avoid WAF detection. The research was conducted using an experimental method. This study contributes to improving WAF security by testing against modern obfuscation-based attacks, so that security does not rely solely on the default WAF configuration. The results show that all payloads were detected and blocked by ModSecurity with an HTTP 403 response, demonstrating that the CRS 4.7 built-in rules can effectively protect against XSS and SQL Injection threats.