Article Per Year (5 Year)
p-Index From 2020 - 2025
0.562
P-Index
This Author published in this journals
All Journal INTEK: Jurnal Penelitian Jurnal Teknologi Dan Sistem Informasi Bisnis JOURNAL OF INFORMATION SYSTEM RESEARCH (JOSH)
Widjajarto, A.
Unknown Affiliation
Computer Science & IT Decision Sciences, Operations Research & Management Electrical & Electronics Engineering Engineering

Published : 3 Documents Claim Missing Document
Claim Missing Document
Check
Articles

Found 3 Documents
Search

 1 
Pemodelan Attack Tree Pada Spear Phishing Attack di Instansi Publik dengan Metrik Granularitas Data Pratiwi, Anisa Wahyu; Widjajarto, A.; Budiyono, Avon
Journal of Information System Research (JOSH) Vol 6 No 3 (2025): April 2025
Publisher : Forum Kerjasama Pendidikan Tinggi (FKPT)

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.47065/josh.v6i3.5876

Abstract

Data security is important to protect personal and sensitive information. Data leakage cases that have occurred in Indonesia have recorded that 80% of Indonesian citizens' data is sold on dark forums (dark web), this will certainly cause losses to individuals and organizations. Factors that cause data leaks can be the lack of security protocols, direct attacks, or phishing attacks. One type of phishing attack that targets more specific individuals is called a spear phishing attack. This research aims to identify potential data leakage from public data in public institutions by formulating an attack tree based on the Data Flow Diagram (DFD) of a spear phishing attack using data granularity metrics with a combination of attacks from Open Source Intelligence (OSINT) tools, social engineering tools, and email spoofing. This research generates and compares four attack tree models with no attack launching or exploitation. First OSINT TheHarvester, social engineering SEToolkit, and email spoofing. Second OSINT Metagoofil, social engineering ZPhisher, and email spoofing. Third OSINT Recon-ng, social engineering SEToolkit, and email spoofing. The fourth OSINT Snov.io, social engineering ZPhisher, and email spoofing. Spear phishing attack using OSINT Snov.io is the best attack combination because it has varied data details, namely getting five types of data and a high level of data granularity with a total of 367 data so that there are more opportunities to carry out attack planning and security analysis.
Desain Attack Tree Berdasar Metrik Time Pada Eksploitasi GraphQL Dengan Information Disclosure Vulnerability Napisa, Rida; Widjajarto, A.; Hediyanto, Umar Yunan Kurnia Septo
Jurnal Teknologi Dan Sistem Informasi Bisnis Vol 7 No 2 (2025): April 2025
Publisher : Prodi Sistem Informasi Universitas Dharma Andalas

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.47233/jteksis.v7i2.1627

Abstract

Graph Query Language (GraphQL) is a query language designed to manage interactions between clients and Application Programming Interfaces (APIs). GraphQL was created to facilitate data exchange between the backend and frontend, providing a clear and easily understandable data description. As GraphQL continues to gain popularity, the need for best security practices and tools to test and protect GraphQL APIs will become increasingly important. Like other technologies, GraphQL also has some weaknesses; one of them is its introspection feature, which can reveal sensitive information that should not be exposed. Therefore, this research aims to identify information disclosure vulnerabilities in GraphQL APIs and to find the most effective time between two security modes implemented: before and after hardening. Two methods and two tools are used to implement this, namely Introspection with InQL and Field Suggestion with Clairvoyance. This research is visually represented through an Attack Tree to provide a comprehensive overview of exploitation paths and potential attacks. After implementation, the results showed that the most successful and efficient exploitation method for information disclosure vulnerability before hardening was the Field Suggestion Method, with a total time of 7.94 seconds. The most efficient time before and after hardening turned out to be the same, with the Field Suggestion Method taking a total of 8.99 seconds after hardening. Thus, based on this time comparison, it can be concluded that the shorter the time required, the quicker an attacker can obtain harmful information from GraphQL.
Pemodelan Denial of Service: Pengukuran Waktu dan Penggunaan CPU pada Serangan GraphQL Ginting, Debora Natalia; Widjajarto, A.; Hediyanto , Umar Yunan Kurnia Septo
INTEK: Jurnal Penelitian Vol 12 No 1 (2025): April 2025
Publisher : Politeknik Negeri Ujung Pandang

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.31963/intek.v12i1.4943

Abstract

GraphQL is a query language that allows clients to request specific data from an API, making it more efficient and flexible compared to traditional REST APIs. This makes applications faster and more efficient by reducing data over-fetching, combining various data sources into a single request, and supporting schema changes without disrupting the integrity of existing applications. This study focuses on security testing and exploiting Denial of Service (DoS) vulnerabilities within GraphQL APIs. As a query language that is growing in popularity, GraphQL offers flexibility in data retrieval but is also vulnerable to DoS attacks. The research centers on DoS attacks using various exploitation techniques such as Circular Queries, Field Duplication, Alias Overloading, and Object Limit Overriding. Testing was conducted using the Kali Linux operating system and testing applications such as Altair and DVGA, employing the Threat Modeling Attack Tree method. The results of the testing show that the Field Duplication attack is the most effective, with the fastest execution time and relatively high CPU usage (2.5 seconds/88.5% reduced to 1.86 seconds/75.50%), while the lowest risk was found in Alias Overloading (1412.05 seconds/99% reduced to 691.29 seconds/93%). Although Alias Overloading posed the lowest risk, it still resulted in high CPU usage, burdening the server significantly. This study provides an understanding of the importance of testing and strengthening API security to prevent DoS attacks. Keywords— API GraphQL, Attack Tree, Denial of Service, exploitation, Cpu, Time
Co-Authors Avon Budiyono Ginting, Debora Natalia Napisa, Rida Pratiwi, Anisa Wahyu Umar Yunan Kurnia Septo Hediyanto