Implementasi dan Analisis Attack Tree pada Aplikasi DVWA Berdasar Metrik Time dan Skill Level
Nugraha, Yadi; Widjajarto, Adityas; Fathinuddin, Muhammad
J-SAKTI (Jurnal Sains Komputer dan Informatika) Vol 7, No 2 (2023): EDISI SEPTEMBER
Publisher : STIKOM Tunas Bangsa Pematangsiantar

DOI: 10.30645/j-sakti.v7i2.690

Abstract

Attack trees can be formulated based on the steps of exploitation that occur in web applications. The aim of this research is to understand the relationship between attack trees and exploitation characteristics based on time and skill level metrics. The platform for exploitation testing uses DVWA, and the exploitation steps are organized into attack trees. The attack trees are structured under both WAF-protected and unprotected conditions. The attack trees are organized based on five vulnerabilities: SQL Injection, XSS (Reflected), Command injection, CSRF, and Brute force. The analysis results for the condition without WAF protection conclude that the XSS (Reflected) attack tree ranks first with a score of 131.92. The SQL Injection attack tree ranks last with a score of 1727.56. Meanwhile, with the WAF, the SQL Injection attack tree ranks first with a score of 54. The Brute force attack tree ranks last with a score of 319.51. Thus, this relationship can be used for ranking attack trees based on time and skill level metrics. Further research can involve detailing the steps of exploitation using CVSS scores as a skill level calculation and measuring parameters using IDS as one of the firewall features.
Implementasi dan Analisis Attack Tree pada Aplikasi DVWA Berdasar Metrik Time dan Skill Level
Nugraha, Yadi; Widjajarto, Adityas; Fathinuddin, Muhammad
eProceedings of Engineering Vol. 11 No. 4 (2024): Agustus 2024
Publisher : eProceedings of Engineering

Abstract

Abstract - Attack trees can be formulated based on the exploitation steps that occur in web applications. The aim of this research is to understand the relationship between attack trees and exploitation characteristics based on time and skill level metrics. The platform for exploitation testing uses DVWA and is organized into an attack tree. The attack trees are constructed under conditions both protected and unprotected by a WAF. The attack trees are organized based on five vulnerabilities: SQL Injection, XSS (Reflected), Command injection, CSRF, and Brute force. The analysis results for the condition not protected by a WAF conclude that the XSS (Reflected) attack tree ranks first with a score of 131.92. The SQL Injection attack tree ranks last with a score of 1727.56. Meanwhile, with the WAF, the SQL Injection attack tree ranks first with a score of 54. The Brute force attack tree ranks last with a score of 319.51. Further research can involve detailing the exploitation steps using CVSS scores as a skill level calculation and measuring parameters using an IDS as one of the firewall features.

Keywords: attack tree, exploitation, metrics, time, skill level