3,954 research outputs found

    Security Analysis of SQL Injection in Web Services Based on Representational State Transfer (REST)

    ABSTRACT: Mashups are a current phenomenon resulting from the innovations of RESTful web services and AJAX (Asynchronous JavaScript API and XML). A web service is a software system designed to support interoperable machine-to-machine interaction over a network. According to the W3C, REST is a web service architecture. The main purpose of REST is to manipulate representations of web resources in the form of XML. REST uses HTTP as its protocol, so it needs no additional layer, unlike other web service architectures such as SOAP and XML-RPC. REST has one disadvantage: it lacks standard support for security. REST over HTTP GET carries query string parameters, which makes SQL injection possible. This work builds a REST web service framework with methods to minimize SQL injection attacks, namely regular expressions, escape characters, and prepared statements. Testing is done in two stages. In the first stage, the client sends SQL injection queries to count how many get through to the database. In the second stage, the client performs enumeration to obtain sensitive information from the database server. The tests produce data including server execution time and memory usage. Based on the research, the escape character method is the best method in terms of average server execution time and memory usage. Keywords: SQL Injection, Web Service, REST, Framework

    INTEGRATION OF VOTER DATA SYSTEM USING WEB SERVICE WITH THE REPRESENTATIONAL STATE TRANSFER (REST) METHOD

    By Runi Dwi Hapsari, 1501781. ABSTRACT: Information and communication technology, which is now developing rapidly in many fields, requires systems that can process and present data so as to produce information quickly and accurately. The government sector is one that uses developments in information technology to improve quality in government institutions such as the General Election Commission (KPU). One way to improve that quality is to use information technology to process voter data and to provide voter data information to the public. One technological advance that can address this is web service technology with the Representational State Transfer (REST) method, which aims to allow transaction data to be checked centrally even though the General Election Commission (KPU) has different databases on different websites. In this study the author produces a centralized website that uses the REST web service method for data retrieval, with the aim of combining or unifying the data even though it comes from different databases. Keywords: Voter data, web service, Representational State Transfer (REST) method, database

    Design Analysis Based on Microservices Architecture with Representational State Transfer (REST) (Case Study: Heartenly.Com)

    A monolithic architecture designs an application system as a single large unit that runs on one computational instance [1]. As a result, upgrading or repairing the application must be done across the whole system, however small the change. Heartenly.com, a matchmaking application from Indonesia, still uses a monolithic architecture. Heartenly.com needs an architecture in which upgrades or repairs can be carried out independently without shutting down all services. For that reason Heartenly.com needs to change its architecture from monolithic to microservices. The change involves a decomposition process to split up the services that exist in Heartenly.com. The decomposition method uses Domain-driven Design (DDD) principles combined with the Representational State Transfer (REST) architecture to optimize the communication path, because Heartenly.com is web-based. The decomposition result is tested with the Single Responsibility Principle (SRP) and the Common Closure Principle (CCP), adapted from Object Oriented Programming (OOP) principles. In this study, the analysis shows that microservices can upgrade services and deploy independently. Keywords: Microservice, decomposition, domain-driven design, RES

    Framework for ReSTful Web Services in OSGi

    Ensemble ReST is a software system that eases the development, deployment, and maintenance of server-side application programs to perform functions that would otherwise be performed by client software. Ensemble ReST takes advantage of the proven disciplines of ReST (Representational State Transfer). ReST leverages the standardized HTTP protocol to enable developers to offer services to a diverse variety of clients: from shell scripts to sophisticated Java application suite

    Comparative Analysis of XML and JSON Using PHP Application Platform with Representational State Transfer (REST) Architectural

    Data communication on the internet today is complex, and speed has become very important: everyone wants the data communication services provided to be as fast as possible. For applications that link client and server, a web service uses a data serialization format to transmit data. Before data is sent, either from the client to the server or vice versa, it must first be converted into a specific data format according to the web service used. The data serialization formats used in web services include XML and JSON. The testing methods include a data serialization method, a data measurement method and a data parsing method. The data serialization method is used to calculate the time to serialize data from the database into XML and JSON in applications on the PHP platform. The data measurement method is used to measure the size of the XML and JSON data, based on the number of fields in the data serialization process. The data parsing method is used to calculate the processing time for parsing XML and JSON data. From the comparative analysis of XML and JSON in PHP applications using the REST architecture, it can be concluded that the difference in serialization time and parsing time between XML and JSON data is influenced by the number of records: the greater the number of records, the greater the difference in the time consumed by data serialization and parsing. It can also be concluded that JSON serialization and parsing is faster compared with XML. Testing shows that the JSON data size is smaller than the XML size. Data exchange using XML format has a size limit of up to 31456.31 KB while JSON XML exceeds the size limit. In testing over the Internet with up to 50,000 records, the data serialization and parsing times could not be detected in the database

    ReLock: a resilient two-phase locking RESTful transaction model

    Service composition and supporting transactions across composed services are among the major challenges characterizing service-oriented computing. REpresentational State Transfer (REST) is one of the approaches used for implementing Web services that is gaining momentum thanks to its features making it suitable for cloud computing and microservices-based contexts. This paper introduces ReLock, a resilient RESTful transaction model introducing general purpose transactions on RESTful services by a layered approach and a two-phase locking mechanism not requesting any change to the RESTful services involved in a transaction

    Design of a security mechanism for RESTful web service communication through mobile clients

    Security is not taken into account by default in the Representational State Transfer (REST) architecture, but its layered architecture provides many opportunities for implementing it. In this paper, a security mechanism for Web service communication through mobile client devices is proposed that conforms to the REST architecture as much as possible. Results indicate that the custom security mechanism outperforms the Transport Layer Security (TLS) based system. Because of the genericness of REST, the proposed security mechanism can be adopted by a wide variety of other RESTful Web services

    Design and Development of a Web Service API and REST API Documentation Web Portal for Student Activity Units at the Lampung State Polytechnic

    Currently, the student activity units of the Lampung State Polytechnic already have a website connected to the official website of the Lampung State Polytechnic. Based on research on 8 student activity units at Polinela, the website is considered not yet to meet the needs of each student activity unit of the Lampung State Polytechnic. It is therefore necessary to develop a backend system based on an Application Programming Interface (API) that can be implemented to create application- and mobile-based web. The result is an API-based system with a Representational State Transfer (REST) architecture and a REST API documentation web portal for the student activity units of the Lampung State Polytechnic, to make it easier for frontend developers to create a web