Analisis Risiko dan Strategi Perlindungan Sistem terhadap Ancaman Siber pada Website `'SAMBANG'` Kabupaten Jombang

Article Sidebar

pdf
Published: Feb 23, 2026
DOI: https://doi.org/10.22219/repositor.v8i1.42383
Keywords:
Website Pemerintah, Keamanan Siber, Analisis Risiko, SQL Injection, XSS

Main Article Content

Rayhan Prathama
Universitas Muhammadiyah Malang

Abstract

Penelitian ini bertujuan untuk menganalisis risiko keamanan serta merumuskan strategi perlindungan sistem terhadap ancaman siber pada website “SAMBANG” milik Pemerintah Kabupaten Jombang. Pendekatan penelitian yang digunakan adalah kualitatif eksploratif melalui observasi, studi literatur, serta penetration testing non-destruktif berbasis standar OWASP dan NIST. Hasil penelitian menunjukkan bahwa website “SAMBANG” masih memiliki sejumlah kerentanan dengan tingkat risiko yang tinggi, terutama pada fitur Open Data, Data Statistik, Katalog Data, dan Request Data yang rentan terhadap serangan Cross-Site Scripting (XSS), baik reflected maupun stored. Selain itu, potensi risiko SQL Injection teridentifikasi meskipun tidak tereksploitasi secara langsung, serta kelemahan autentikasi pada halaman login yang rentan terhadap brute force. Form Request Data juga ditemukan tidak memiliki mekanisme Cross-Site Request Forgery (CSRF) token, sehingga berpotensi dimanfaatkan oleh penyerang. Penelitian ini menyarankan penerapan validasi input, encoding output, Content Security Policy (CSP), prepared statement, autentikasi multi-faktor, pembatasan login, serta validasi file upload untuk meningkatkan perlindungan sistem. Dengan hasil ini, penelitian memberikan kontribusi praktis bagi pengelola sistem informasi publik daerah dalam memperkuat keamanan website pemerintahan serta membangun ketahanan siber yang lebih adaptif.

Downloads

Download data is not yet available.

Article Details

How to Cite
[1]
R. Prathama, “Analisis Risiko dan Strategi Perlindungan Sistem terhadap Ancaman Siber pada Website `’SAMBANG’` Kabupaten Jombang”, JR, vol. 8, no. 1, pp. 129–136, Feb. 2026.
Issue
Vol. 8 No. 1 (2026): Februari 2026
Section
Sistem dan keamanan jaringan
Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

References

[1] Ali, A. A. Gani, and M. I. Zainal, "Cybersecurity Threats and Countermeasures in Digital Government: A Systematic Literature Review," Journal of Information Security, vol. 14, no. 2, pp. 45–59, 2023. doi: 10.4236/jis.2023.142004.

[2] M. S. H. Rahman, M. Hossain, and M. I. Hoque, "SQL Injection Attack Detection and Prevention Techniques: A Review," Security and Privacy, vol. 4, no. 3, pp. 1–14, 2021. doi: 10.1002/spy2.126.

[3] K. A. Mahmood, R. A. Shaikh, and M. Ahmed, "A Review of Cross Site Scripting (XSS) Attack and Defense Mechanisms," in Proc. 2020 Int. Conf. Cyber Warfare and Security (ICCWS), Islamabad, Pakistan, pp. 145–150, 2020. doi: 10.1109/ICCWS51030.2020.00028.

[4] B. A. Latif, M. A. M. Isa, and S. M. M. Shah, "A Comparative Study on Web Application Vulnerabilities: SQL Injection and XSS," Journal of ICT Research and Applications, vol. 17, no. 1, pp. 89–104, 2023. doi: 10.5614/itbj.ict.res.appl.2023.17.1.6.

[5] Z. Alharbi and N. Khan, "Cyber Resilience: A Review and Research Agenda," Computers & Security, vol. 105, pp. 102–123, 2021. doi: 10.1016/j.cose.2021.102238.

[6] J. Smith and L. Zhang, "Understanding Cybersecurity and Cyber Resilience in Modern Information Systems," IEEE Access, vol. 9, pp. 124337–124350, 2021. doi: 10.1109/ACCESS.2021.3108698.

[7] T. T. Nguyen, "A Survey on Web Application Security: SQLi and XSS Attacks," International Journal of Advanced Computer Science and Applications, vol. 12, no. 6, pp. 398–405, 2021. doi: 10.14569/IJACSA.2021.0120648.

[8] K. A. Kurniawan, A. Nugroho, and D. Wulandari, "Implementasi Penetration Testing Metode Black Box untuk Mengetahui Keamanan Website Pemerintahan," Jurnal Ilmiah Teknologi Informasi Asia, vol. 15, no. 2, pp. 101–110, 2022. doi: 10.37253/jtia.v15i2.574.

[9] F. Yusuf, "Metode Vulnerability Assessment dalam Mengetahui Kerentanan Sistem Website: Studi Kasus E-Gov," Jurnal Teknik Informatika dan Sistem Informasi (JuTISI), vol. 9, no. 1, pp. 57–64, 2023. doi: 10.30596/jutisi.v9i1.12963.

[10] R. Anwar and S. R. Putri, "Analisis SQL Injection pada Sistem Informasi Akademik Menggunakan Metode White Box Testing," Jurnal Teknologi dan Sistem Komputer, vol. 12, no. 2, pp. 180–186, 2024. doi: 10.14710/jtsiskom.2024.180.

[11] M. Alshaer, A. Shaaban, and R. Alsaqour, "Advanced Techniques for Detecting and Preventing SQL Injection Attacks: A Comprehensive Survey," IEEE Access, vol. 10, pp. 12345–12362, 2022.

[12] S. Kumar, R. R. Singh, and P. K. Singh, "An Efficient Detection and Prevention Model for Cross-Site Scripting (XSS) Attacks," IEEE Transactions on Information Forensics and Security, vol. 17, no. 4, pp. 975–984, Apr. 2022.

[13] Y. Zhang, J. Li, and X. Liu, "Cyber Resilience Framework for Critical Infrastructure: A Survey and Future Directions," IEEE Transactions on Industrial Informatics, vol. 18, no. 2, pp. 789–799, Feb. 2022.

[14] M. G. B. Sitorus, N. Maria, and Y. N. Safa, "Tinjauan literatur manajemen risiko cyber dalam proyek: Identifikasi, evaluasi, dan mitigasi ancaman," Jurnal Manajemen Informatika (JAMIKA), vol. 14, no. 2, pp. 187–198, 2024. doi: 10.34010/jamika.v14i2.12887.