Database Vulnerability Analysis of North Aceh e-Kinerja Website Using SQL Injection
DOI:
https://doi.org/10.47709/brilliance.v5i2.6780
Keywords:
Information Security, SQL Injection, e-Kinerja, Blackbox Testing, ISSAF
Abstract
The rapid advancement of information technology has significantly increased the risk of cyber threats, particularly in web-based systems. One of the most common attack techniques used to exploit vulnerabilities in web applications is SQL injection, which can result in sensitive data leakage and system compromise. This study aims to evaluate the database security of the E-Kinerja website of North Aceh Regency against SQL injection attacks using a black-box penetration testing approach. The assessment is conducted based on the Information Systems Security Assessment Framework (ISSAF), which provides a structured and systematic methodology for comprehensive security evaluation. The testing process includes several stages, namely planning and preparation, information gathering, network mapping, vulnerability identification, and penetration testing, utilizing tools such as SQLMap and OWASP ZAP. The results indicate that the target website is not vulnerable to SQL injection attacks, as no exploitable parameters were identified during testing. This is largely due to the implementation of security mechanisms such as Web Application Firewall (WAF) and Intrusion Prevention System (IPS), which effectively detect and prevent unauthorized access attempts. This study highlights the importance of implementing layered security strategies and continuously updating security protocols to address emerging cyber threats. The findings contribute to improving database security awareness and provide practical recommendations for strengthening the resilience of information systems in the government sector.
License
Copyright (c) 2025 Fidyatun Nisa, Muhammad Ikhwani, Nanda Sitti Nurfebruary, Siti Nayla Husna

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.















