Article Per Year (5 Year)
p-Index From 2021 - 2026
1.463
P-Index
This Author published in this journals
All Journal TEKNIK INFORMATIKA Traksi : Majalah Ilmiah Teknik Mesin Seminar Nasional Aplikasi Teknologi Informasi (SNATI) Telematika : Jurnal Informatika dan Teknologi Informasi Seminar Nasional Informatika (SEMNASIF) Seminar Nasional Teknologi Informasi Komunikasi dan Industri JURNAL ILMIAH INFORMATIKA IJID (International Journal on Informatics for Development) JISKa (Jurnal Informatika Sunan Kalijaga) Cyber Security dan Forensik Digital (CSFD) Kalbiscientia Jurnal Sains dan Teknologi Jumat Informatika: Jurnal Pengabdian Masyarakat Dwija Inspira: Jurnal Pendidikan Multi Perspektif Jurnal Informatika Polinema (JIP)
Bambang Sugiantoro
Unknown Affiliation
Civil Engineering, Building, Construction & Architecture Computer Science & IT Control & Systems Engineering Decision Sciences, Operations Research & Management Education Electrical & Electronics Engineering Energy Engineering Industrial & Manufacturing Engineering Library & Information Science Mathematics Mechanical Engineering Other

Published : 32 Documents Claim Missing Document
Claim Missing Document
Check
Articles

Found 32 Documents
Search

 1   2   3   4 
Optimasi Sistem Keamanan REST API Menggunakan Zero Trust Architecture dan Keycloak Tools Dalam Infrastruktur Berbasis Microservices Denny Afrizal; Muhammad Taufiq Nuruzzaman; Bambang Sugiantoro; Agung Fatwanto
Cyber Security dan Forensik Digital Vol. 9 No. 1 (2026): Edisi Mei 2026
Publisher : Fakultas Sains dan Teknologi UIN Sunan Kalijaga Yogyakarta

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.14421/csecurity.2026.9.1.5486

Abstract

Keamanan layanan REST API pada arsitektur microservices menjadi isu penting seiring meningkatnya kompleksitas sistem digital dan perluasan permukaan serangan. Penelitian ini bertujuan mengimplementasikan prinsip Zero Trust Architecture (ZTA) untuk memperkuat mekanisme otorisasi OAuth 2.0 pada sistem REST API berbasis microservices. Pendekatan ZTA menolak kepercayaan implisit dan mewajibkan verifikasi berkelanjutan pada setiap permintaan akses, baik dari dalam maupun luar jaringan. Penelitian ini menggunakan metode kualitatif dengan pendekatan eksperimental melalui tahapan kajian literatur, perancangan sistem, implementasi, pengumpulan data, dan pengujian. Studi kasus dilakukan pada pengembangan sistem keamanan REST API berbasis Spring Boot dengan Keycloak sebagai penyedia identitas dan akses. Penguatan keamanan diterapkan melalui integrasi Multi-Factor Authentication (MFA), validasi token JSON Web Token (JWT), pemanfaatan code verifier sekali pakai, serta Redis sebagai penyimpanan sementara untuk mendukung proses verifikasi dinamis. Pengujian dilakukan dengan membandingkan kondisi sebelum dan sesudah penerapan ZTA berdasarkan parameter skor risiko, impact, likelihood, dan waktu proses permintaan. Hasil pengujian menunjukkan bahwa penerapan ZTA menurunkan skor risiko rata-rata dari 34,08 menjadi 10,88 atau sebesar 68,1 persen, tanpa menimbulkan dampak signifikan terhadap performa sistem. Waktu proses permintaan tetap berada pada kisaran 7 milidetik dengan perbedaan yang sangat kecil setelah penguatan keamanan diterapkan. Temuan ini membuktikan bahwa ZTA efektif dalam memperkuat otorisasi OAuth 2.0 pada lingkungan microservices, sekaligus menekan risiko serangan seperti token hijacking, brute-force, replay attack, dan man-in-the-middle (MiTM). Dengan demikian, penerapan ZTA dapat menjadi pendekatan keamanan yang relevan dan praktis untuk pengembangan REST API yang membutuhkan perlindungan data tinggi.  Kata kunci: Zero Trust Architecture, OAuth 2.0, REST API, Keamanan, Microservices ----------------------------------------------------------------------   Enhancing REST API Security Through Zero Trust Architecture and Keycloak Integration in Microservices-Based Infrastructures The security of REST API services in microservices architecture has become a critical issue as the complexity of digital systems increases and the attack surface expands. This study aims to implement the principles of Zero Trust Architecture (ZTA) to strengthen the OAuth 2.0 authorization mechanism in a microservices-based REST API system. The ZTA approach rejects implicit trust and mandates continuous verification for every access request, whether originating from inside or outside the network. This study employs a qualitative method with an experimental approach, conducted through the following stages: literature review, system design, implementation, data collection, and testing. The case study was carried out on the development of a REST API security system built with Spring Boot, using Keycloak as the identity and access provider. Security hardening was applied through the integration of Multi-Factor Authentication (MFA), JSON Web Token (JWT) validation, the use of a one-time code verifier, and Redis as temporary storage to support dynamic verification processes. Testing was conducted by comparing conditions before and after the implementation of ZTA based on the parameters of risk score, impact, likelihood, and request processing time. The test results indicate that the implementation of ZTA reduced the average risk score from 34.08 to 10.88, representing a decrease of 68.1 percent, without causing any significant impact on system performance. The request processing time remained at approximately 7 milliseconds, with only a marginal difference observed after security hardening was applied. These findings demonstrate that ZTA is effective in strengthening OAuth 2.0 authorization within a microservices environment, while simultaneously mitigating the risk of attacks such as token hijacking, brute-force, replay attacks, and man-in-the-middle (MiTM) attacks. Therefore, the adoption of ZTA can serve as a relevant and practical security approach for REST API development that requires a high level of data protection. Keywords: Zero Trust Architecture, OAuth 2.0, REST API, Security, Microservices
Evaluasi Tingkat Keamanan Informasi Pada Pusat Teknologi Informasi Dan Pangkalan Data (PTIPD) Universitas Islam Negeri Sunan Kalijaga Berdasarkan Indeks KAMI Versi 4.2 Naufal Naufal Hafizh Mufafaq; Fiki Sanora; Bambang Sugiantoro
Cyber Security dan Forensik Digital Vol. 9 No. 1 (2026): Edisi Mei 2026
Publisher : Fakultas Sains dan Teknologi UIN Sunan Kalijaga Yogyakarta

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.14421/csecurity.2026.9.1.5931

Abstract

Peningkatan ketergantungan terhadap teknologi informasi di lingkungan perguruan tinggi menimbulkan risiko keamanan yang memerlukan penilaian rutin untuk melindungi kerahasiaan, integritas, dan ketersediaan data. Penelitian ini bertujuan untuk menilai tingkat kematangan keamanan informasi di Pusat Teknologi Informasi dan Pangkalan Data (PTIPD) UIN Sunan Kalijaga dengan menggunakan instrumen Indeks Keamanan Informasi (KAMI) versi 4.2, yang didasarkan pada standar ISO/IEC 27001. Metode yang diterapkan adalah deskriptif kualitatif melalui wawancara dan kuesioner untuk mengukur lima domain utama keamanan informasi beserta aspek tambahannya. Hasil penilaian menunjukkan bahwa sistem elektronik institusi tersebut termasuk dalam kategori ketergantungan yang "Tinggi". Secara umum, tingkat keamanan informasi mencapai predikat "Baik" dengan skor total 635. Tingkat kematangan pada area yang dievaluasi berkisar antara Level III hingga V, di mana Tata Kelola (Level IV), Pengelolaan Risiko (Level V), dan Kerangka Kerja (Level V) telah diimplementasikan secara komprehensif. Akan tetapi, Pengelolaan Aset serta Teknologi dan Keamanan Informasi masih berada pada Level III (Diterapkan Sebagian). Penilaian terhadap aspek tambahan menunjukkan hasil yang sangat memuaskan, khususnya dalam pengamanan layanan infrastruktur awan yang mencapai 100%. Kesimpulannya, PTIPD UIN Sunan Kalijaga telah memenuhi standar keamanan informasi minimum, tetapi memerlukan perhatian lebih besar pada aspek teknologi dan pengelolaan aset. Kata kunci: Indeks KAMI, PTIPD, keamanan informasi, ISO/IEC 27001, evaluasi keamanan.  ---------------------------------------------------------------------- Evaluation Of Information Security Levels At The Information Technology And Data Center (PTIPD) Of Sunan Kalijaga State Islamic University Yogyakarta Based On KAMI Index Version 4.2 Increased dependence on information technology in higher education environments poses security risks that require regular assessment to protect the confidentiality, integrity, and availability of data. This study aims to assess the level of information security maturity at the Information and Data Technology Center (PTIPD) of Sunan Kalijaga State Islamic University Yogyakarta using the Information Security Index (KAMI) version 4.2 instrument, which is based on the ISO/IEC 27001 standard. The method used is descriptive qualitative through interviews and questionnaires to measure the five main domains of information security and other additional aspects. The assessment results show that the institution's electronic system is in the “High” category in terms of dependence. In general, the level of information security achieved a rating of “Good” with a total score of 635. The maturity level in the areas evaluated ranged from Level III to V, where Governance (Level IV), Risk Management (Level V), and Framework (Level V) have been comprehensively implemented. However, Asset Management and Information Technology and Security are still at Level III (Partially Implemented). The assessment of additional aspects shows very satisfactory results, particularly in securing cloud infrastructure services, which reached 100%. In conclusion, PTIPD UIN Sunan Kalijaga has met the minimum information security standards but requires greater attention to technology and asset management aspects. Keywords: KAMI Index, PTIPD, information security, ISO/IEC 27001, security evaluation
Co-Authors Agung Fatwanto Ahmad Luthfi Ahmad Syarif Afandi Ahmad Yudistira Fahmi Zaini Amarudin, Hanif Annida Rizki Luthfi Astuti Arjun Zakari Yahya Dadang Juwoto Buru Daryono Daryono Denny Afrizal Desti Maulida Didik Sudyana Dirman Fiki Sanora Irham Son’Aniy Jazi Eko Istiyanto Jazi Eko Istiyanto Kharisma Mahesa M SAID ABDURROHMAN KUNTA MARDLIAN AMAN Mahbub Puba Fawzan Muhammad Syaeful Bahry Muhammad Taufiq Nuruzzaman nana Naufal Hafizh Mufafaq Naufal Naufal Hafizh Mufafaq Nur Kukuh Wicaksono Rahmatun Nazila Retantyo Wardoyo Rosidin Al Caruban Rusnaldy - Sri Hartati Susilo Adi Widyanto Widodo Widodo Yudha Riwanto Yudi Istianto Yudi prayudi