The rapid advancement of information technology has significantly increased the risk of cyber threats, particularly in web-based systems. One of the most common attack techniques used to exploit vulnerabilities in web applications is SQL injection, which can result in sensitive data leakage and system compromise. This study aims to evaluate the database security of the E-Kinerja website of North Aceh Regency against SQL injection attacks using a black-box penetration testing approach. The assessment is conducted based on the Information Systems Security Assessment Framework (ISSAF), which provides a structured and systematic methodology for comprehensive security evaluation. The testing process includes several stages, namely planning and preparation, information gathering, network mapping, vulnerability identification, and penetration testing, utilizing tools such as SQLMap and OWASP ZAP. The results indicate that the target website is not vulnerable to SQL injection attacks, as no exploitable parameters were identified during testing. This is largely due to the implementation of security mechanisms such as a Web Application Firewall (WAF) and an Intrusion Prevention System (IPS), which effectively detect and prevent unauthorized access attempts. This study highlights the importance of implementing layered security strategies and continuously updating security protocols to address emerging cyber threats. The findings contribute to improving database security awareness and provide practical recommendations for strengthening the resilience of information systems in the government sector.
Copyright © 2025