Abstract - The rapid development of information technology demands security systems that adapt to modern cyber threats. Traditional perimeter-based security models are no longer sufficient, which motivates approaches such as Zero Trust Architecture (ZTA), built on the principle "never trust, always verify". This study designs and implements a Zero Trust-based login system that secures access to an Employee Dashboard, using PHP and a MySQL database. The system integrates multi-factor authentication (a one-time password sent by e-mail), explicit verification at every stage of the login flow, least-privilege access control, and session hardening: session ID rotation, secure cookie attributes (Secure, HttpOnly, SameSite), idle timeout, and an account lockout policy. Black-box, integration and security testing showed that the system denies access without valid authentication, prevents OTP reuse, and records every security-relevant event in real time in a structured log. The implementation strengthens protection of user identity, safeguards sensitive data, and lowers the risk of credential misuse and brute-force attacks. The results indicate that ZTA principles can be applied effectively to a mid-scale web system without sacrificing usability.

Keywords: Zero Trust Architecture; Multi-Factor Authentication; Employee Dashboard; Data Security; Login System
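The following PHP 8 sketch is an added illustration, not the paper's own code, of how the mechanisms named in the abstract fit together in one login flow: hardened session cookies and idle timeout, session ID rotation after each factor, a lockout counter for the password step, a single-use e-mailed OTP that cannot be replayed, a per-request least-privilege role check, and a structured JSON security log. The table and column names (`users`, `otp_codes`), the thresholds, and the log file path are assumptions chosen for the example; the OTP value itself is never written to the log.

```php
<?php
// Added example (not the paper's code). Assumed schema:
//   users(id, email, password_hash, role, failed_attempts, locked_until)
//   otp_codes(id, user_id, code_hash, expires_at, used_at)
declare(strict_types=1);

const MAX_FAILED_ATTEMPTS  = 5;    // lockout threshold (assumed)
const LOCKOUT_SECONDS      = 900;  // 15 min lockout (assumed)
const OTP_TTL_SECONDS      = 300;  // OTP valid for 5 min (assumed)
const IDLE_TIMEOUT_SECONDS = 600;  // 10 min idle timeout (assumed)

function securityLog(string $event, array $ctx = []): void {
    // One JSON object per line, append-only; path is an assumption.
    $line = json_encode(['ts' => date(DATE_ATOM), 'event' => $event,
        'ip' => $_SERVER['REMOTE_ADDR'] ?? 'cli'] + $ctx, JSON_UNESCAPED_SLASHES);
    file_put_contents(__DIR__ . '/security.log', $line . PHP_EOL, FILE_APPEND | LOCK_EX);
}

function startHardenedSession(): void {
    session_set_cookie_params(['lifetime' => 0, 'path' => '/', 'secure' => true,
        'httponly' => true, 'samesite' => 'Strict']);
    ini_set('session.use_strict_mode', '1');   // refuse attacker-chosen session IDs
    session_start();
    // Every request re-verifies freshness: an idle session is destroyed, not trusted.
    if (isset($_SESSION['last_seen']) && time() - $_SESSION['last_seen'] > IDLE_TIMEOUT_SECONDS) {
        securityLog('session_timeout', ['user_id' => $_SESSION['user_id'] ?? null]);
        session_unset(); session_destroy(); session_start();
    }
    $_SESSION['last_seen'] = time();
}

function verifyPassword(PDO $db, string $email, string $password): bool {
    $st = $db->prepare('SELECT id, password_hash, role, failed_attempts, locked_until FROM users WHERE email = ?');
    $st->execute([$email]);
    $user = $st->fetch(PDO::FETCH_ASSOC);
    if ($user && $user['locked_until'] !== null && strtotime($user['locked_until']) > time()) {
        securityLog('login_locked', ['email' => $email]);
        return false;
    }
    if (!$user || !password_verify($password, $user['password_hash'])) {
        if ($user) {   // count the failure; lock the account at the threshold
            $attempts = (int) $user['failed_attempts'] + 1;
            $lock = $attempts >= MAX_FAILED_ATTEMPTS ? date('Y-m-d H:i:s', time() + LOCKOUT_SECONDS) : null;
            $db->prepare('UPDATE users SET failed_attempts = ?, locked_until = ? WHERE id = ?')
               ->execute([$lock ? 0 : $attempts, $lock, $user['id']]);
        }
        securityLog('login_failed', ['email' => $email]);
        return false;
    }
    $db->prepare('UPDATE users SET failed_attempts = 0, locked_until = NULL WHERE id = ?')->execute([$user['id']]);
    session_regenerate_id(true);                  // new session ID after the first factor
    $_SESSION['pending_user_id'] = (int) $user['id'];  // first factor only; not yet logged in
    $_SESSION['role'] = $user['role'];
    securityLog('password_ok', ['user_id' => $user['id']]);
    return true;
}

function issueOtp(PDO $db, int $userId): string {
    // Invalidate any earlier unused code so exactly one OTP is live per user.
    $db->prepare('UPDATE otp_codes SET used_at = ? WHERE user_id = ? AND used_at IS NULL')
       ->execute([date('Y-m-d H:i:s'), $userId]);
    $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
    $db->prepare('INSERT INTO otp_codes (user_id, code_hash, expires_at, used_at) VALUES (?, ?, ?, NULL)')
       ->execute([$userId, password_hash($code, PASSWORD_DEFAULT), date('Y-m-d H:i:s', time() + OTP_TTL_SECONDS)]);
    return $code;   // the caller e-mails this; only its hash is stored, and it is never logged
}

function verifyOtp(PDO $db, string $code): bool {
    $userId = $_SESSION['pending_user_id'] ?? null;
    if ($userId === null) { return false; }   // no completed first factor in this session
    $st = $db->prepare('SELECT id, code_hash FROM otp_codes WHERE user_id = ? AND used_at IS NULL AND expires_at > ? ORDER BY id DESC LIMIT 1');
    $st->execute([$userId, date('Y-m-d H:i:s')]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($code, $row['code_hash'])) {
        securityLog('otp_failed', ['user_id' => $userId]);
        return false;
    }
    // Consume atomically: a replay of the same code finds used_at already set and is refused.
    $upd = $db->prepare('UPDATE otp_codes SET used_at = ? WHERE id = ? AND used_at IS NULL');
    $upd->execute([date('Y-m-d H:i:s'), $row['id']]);
    if ($upd->rowCount() !== 1) {
        securityLog('otp_reuse_blocked', ['user_id' => $userId]);
        return false;
    }
    session_regenerate_id(true);   // rotate again once the second factor succeeds
    $_SESSION['user_id'] = $userId;
    unset($_SESSION['pending_user_id']);
    securityLog('login_success', ['user_id' => $userId]);
    return true;
}

function requireRole(string $role): void {
    // Least privilege: each dashboard request re-checks identity and role, not just cookie presence.
    if (empty($_SESSION['user_id']) || ($_SESSION['role'] ?? '') !== $role) {
        securityLog('access_denied', ['user_id' => $_SESSION['user_id'] ?? null, 'needed' => $role]);
        http_response_code(403);
        exit;
    }
}
```

A request handler would call `startHardenedSession()` first on every page, then `verifyPassword()` followed by `issueOtp()` on the password form, `verifyOtp()` on the OTP form, and `requireRole('employee')` at the top of each dashboard page. The two `session_regenerate_id(true)` calls are what defeat session fixation across the two factors, and the conditional `UPDATE ... WHERE used_at IS NULL` is what makes OTP reuse fail even when two submissions race.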
Copyright © 2025