Hasbullah, Salman Akbar
Unknown Affiliation


Implementation Layered Mitigation Techniques for Unrestricted File Upload and Server-Side JavaScript Injection
Hasbullah, Salman Akbar; Fauzan, Mohamad Nurkamal; Andarsyah, Roni
Jurnal Sains, Nalar, dan Aplikasi Teknologi Informasi Vol. 5 No. 1 (2026)
Publisher : Department of Informatics Universitas Islam Indonesia

DOI: 10.20885/snati.v5.i1.42248

Abstract

The popularity of Node.js as a server-side application development platform has introduced new security challenges stemming from the dynamic features of JavaScript. Vulnerabilities such as Unrestricted File Upload (UFU) and Server-Side JavaScript Injection (SSJI) often arise from insecure input handling and over-reliance on third-party libraries. This research aims to design, implement, and evaluate a multi-layered security mitigation model for Node.js-based web applications built using the Express.js framework. A constructive research approach was employed, wherein hybrid security middleware was developed to enforce comprehensive validation. This middleware integrates content-based file type validation (magic numbers), file name sanitization to prevent path traversal, and malicious input pattern blocking to mitigate SSJI and prototype pollution. The effectiveness of the model was empirically evaluated within a controlled local testing environment using the Jest testing framework by comparing a vulnerable application against its secured counterpart. Test results demonstrate that the proposed mitigation model successfully blocked 100% of the tested attack scenarios, achieving 100% test code coverage on the core security logic. This research yields a practical solution capable of enhancing the resilience of Node.js applications against common attacks exploiting language-specific features.