Article Per Year (5 Year)
p-Index From 2021 - 2026
0.408
P-Index
This Author published in this journals
All Journal Jurnal Manajemen Informatika dan Sistem Informasi Information Technology Education Journal
Muhlis Tahir
Universitas Trunodjoyo Madura
Computer Science & IT Education

Published : 2 Documents Claim Missing Document
Claim Missing Document
Check
Articles

Found 2 Documents
Search

 1 
RANCANG BANGUN VULNERABLE WEB SIMULATION PADA REPLIKA PORTAL AKADEMIK UNTUK PENGUJIAN PENETRASI XSS DAN SQL INJECTION Fadli Maghfirli; Najwa Wahyu Azzuhra; Muhlis Tahir
Jurnal Manajemen Informatika dan Sistem Informasi Vol. 9 No. 2 (2026): MISI Juni 2026
Publisher : LPPM STMIK Lombok

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.36595/misi.v9i2.2057

Abstract

Keamanan aplikasi berbasis web sering kali diabaikan, padahal kelalaian pada validasi parameter masukan dapat berakibat fatal seperti pengambilalihan hak akses dan kebocoran basis data. Risiko ini sangat tinggi pada platform akademik institusi pendidikan yang mengelola aset data sensitif. Berangkat dari masalah tersebut, penelitian ini bertujuan merancang bangun Vulnerable Web Simulation mandiri berbentuk replika portal akademik universitas berarsitektur Role-Based Access Control (RBAC) sebagai lingkungan evaluasi kerentanan yang transparan dan legal. Pengujian dilakukan secara eksperimental melalui metode penetration testing manual dan otomatis dengan mengintegrasikan ParamSpider, DalFox, dan SQLMap. Hasil pengujian empiris membuktikan bahwa ketiadaan Prepared Statements memicu celah SQL Injection kritis. Melalui pengujian manual dengan muatan bypass otentikasi admin' -- -, gerbang login administrator berhasil ditembus. Lebih lanjut, pemindaian otomatis menggunakan SQLMap berhasil membongkar struktur internal dan mengekstrak seluruh data kredensial sensitif dari tabel pengguna. Pada lapisan antarmuka, absennya fungsi output encoding memicu kerentanan Cross-Site Scripting (XSS). Penyisipan skrip JavaScript tersimpan permanen pada fitur forum diskusi (Stored XSS), dan DalFox mendeteksi satu titik rentan Reflected XSS pada parameter pencarian. Kesimpulannya, pengabaian prinsip secure coding secara empiris meruntuhkan seluruh integritas kontrol akses akademik. Hasil penelitian ini berimplikasi sebagai panduan praktis penambalan celah keamanan dan rujukan pembangunan laboratorium virtual keamanan siber di lingkungan pendidikan.
Hybrid Deception–Detection Approach Using Dionaea Honeypot and Snort IDS for Wireless Network Security Alvin Kamil; Muhlis Tahir
Information Technology Education Journal Vol. 5, No. 2, May (2026)
Publisher : Jurusan Teknik Informatika dan Komputer

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.59562/intec.v5i2.277

Abstract

Purpose – This study implements a hybrid deception–detection approach by integrating Snort IDS and the Dionaea honeypot, supported by the ELK Stack for centralized monitoring and visualization within a wireless school network environment. The proposed approach provides a practical and low-cost security monitoring solution for educational institutions with limited cybersecurity resources.Design/methods/approach – The research method involved literature review, system design, implementation, and testing using simulated port scanning, brute force, and Denial of Service (DoS) attack scenarios. Snort IDS was configured to detect suspicious network traffic, while Dionaea operated as a decoy service to record attacker interactions. Generated alerts and interaction logs were centralized and visualized through the ELK Stack.Findings – The implementation results show that the proposed system generated alerts and interaction logs for all simulated attack scenarios within the controlled experimental environment. Snort IDS generated 2,928 port scanning alerts, 426 brute force alerts, and 3,428 DoS alerts, while Dionaea recorded 493 FTP interaction logs. The ELK Stack centralized and visualized 7,275 generated log records in near real-time. Baseline monitoring under normal traffic conditions did not produce false positive alerts. The reported values represent generated monitoring events rather than formal detection-performance metrics.Research implications/limitations – This study was conducted in a controlled school-scale wireless network environment using limited attack scenarios and short-term monitoring observations. Therefore, the findings may not directly represent large-scale production network conditions.Originality/value – This study demonstrates the feasibility of integrating traffic-based intrusion detection, deception-based interaction logging, and centralized monitoring within a unified wireless school network security architecture using open-source technologies.
Co-Authors Alvin Kamil Fadli Maghfirli Najwa Wahyu Azzuhra