Main Article Content

wasito sukarno imam riadi


The development of the security system on the application of a website is now more advanced. But a software that has vulnerability will threaten all fields such as information system of health, defense, finance, and education. Information technology security issues will become the threat that made managers of the website (webadmin) alerted. This paper is focused on how to handle various application web attacks, especially attacks that uses SQL Injection, using The Open Web Application Security Project (OWASP), the aim is raise awareness about application security web and how to handle an occurred attack.

Article Details

How to Cite
SUKARNO, wasito; RIADI, imam. MITIGATION HANDLING OF SQL INJECTION ATTACKS ON WEBSITES USING OWASP FRAMEWORK. Kursor, [S.l.], v. 9, n. 4, oct. 2019. ISSN 2301-6914. Available at: <>. Date accessed: 12 dec. 2019. doi:


[1] A. Sagala, E. Manurung, B. Siahaan, and R. Marpaung, “Detection, Identification And Web Handling Using Sql Injection And Cross-Site Scripting,” Inst. Teknol. Del, vol. 2014, pp. 20–24, 2014.
[2] B. A. Harahap, H. Lubis, and T. M. Diansyah, “Penetration Testing Web Security Using SQL Injection” Biltek, vol. 5, no. 70, pp. 1–5, 2015.
[3] T. R. Yudantoro, “SQL injection on the database security system,” J. Teknol. Inf. dan Komun., vol. 4, no. 2, pp. 89–93, 2013.
[4] M. Dahlan, A. Latubessy, M. Nurkamid, and L. H. Anggraini, “Testing And Analysis Of Website Security Against SQL Injection Attacks (Case Study: Website UMK ),” vol. 7, no. 1, pp. 13–19, 2015.
[5] J. O. Atoum and A. J. Qaralleh, “a Hybrid Technique for Sql Injection Attacks Detection and Prevention,” Int. J. Database Manag. Syst. ( IJDMS ), vol. 6, no. 1, pp. 21–28, 2014.
[6] R. Ellysa, M. Husni, and A. Pratomo, “SQL Injection Attack Detector Using SQL Injection Free Secure Algorithms in Web Applications,” Tek. Pomits, vol. 2, no. 1, pp. 1–6, 2013.
[7] I. Riadi, E. I. Aristianto, and A. Dahlan, “An Analysis of Vulnerability Web Against Attack Unrestricted Image File Upload,” Comput. Eng. Appl., vol. 5, no. 1, pp. 19–28, 2016.
[8] A. Lazzez and T. Slimani, “Forensics Investigation of Web Application Security Attacks,” Int. J. Comput. Netw. Inf. Secur., vol. 7, no. 3, pp. 10–17, 2015.
[9] S. G. Nugraha, S. Djanali, and A. Pratomo, “SQL Injection Detection and Prevention Detection System with SQL Query and Honeypot Query Attribute Removal,” vol. 2, no. 1, pp. 1–5, 2013.
[10] K. Randhe and V. Mogal, “Security Engine for prevention of SQL Injection and CSS Attacks using Data Sanitization Technique,” Int. J. Innov. Res. Comput. Commun. Eng., vol. 3, no. 6, pp. 5890–5898, 2015.
[11] V. C. Amit Chaturvedi, Shailendra Bagdi, “Analysis of SQL Injections Attacks and Vulnerabilities,” Int. J. Adv. Res. Comput. Sci. Softw. Eng., vol. 6, no. 3, pp. 106–110, 2016.
[12] R. Pardosi, Kalilinux Top Hacking.pdf. Jasakom, 2015.
[13] D. W. Jeff Williams, OWASP Top 10-2017 rcl, 1st ed. Maryland, Amerika, 2017.
[14] D. S. Yudhistira, I. Riadi, and Y. Prayudi, “Live Forensics Analysis Method For Random Access Memory On Laptop Devices,” vol. 16, no. 4, 2018.
[15] M. A. Zulkifli and U. A. Dahlan, “Live Forensics Method for Analysis Denial of Service ( DOS ) Attack on Routerboard,” vol. 180, no. 35, pp. 23–30, 2018.
[16] M. I. Mazdadi, I. Riadi, and A. Luthfi, “Live Forensics on RouterOS using API Services to Investigate Network Attacks,” Int. J. Comput. Sci. Inf. Secur., vol. 15, no. 2, pp. 406–410, 2017.
[17] D. Mualfah and I. Riadi, “Network Forensics For Detecting Flooding Attack On Web Server,” IJCSIS) Int. J. Comput. Sci. Inf. Secur., vol. 15, no. 2, pp. 326–331, 2017.
[18] I. Riadi, A. W. Muhammad, and Sunardi, “Neural network-based ddos detection regarding hidden layer variation,” J. Theor. Appl. Inf. Technol., vol. 95, no. 15, pp. 3684–3691, 2017.
[19] N. Widiyasono, I. Riadi, and A. Luthfi, “Investigation on the services of private cloud computing by using ADAM Method,” Int. J. Electr. Comput. Eng., vol. 6, no. 5, pp. 2387–2395, 2016.
[20] A. Kurniawan, I. Riadi, and A. Luthfi, “Forensic analysis and prevent of cross site scripting in single victim attack using open web application security project (OWASP) framework,” J. Theor. Appl. Inf. Technol., vol. 95, no. 6, pp. 1363–1371, 2017.
[21] M. Dahlan, A. Latubessy, and M. Nurkamid, “Web Server Security Analysis Of Possibility Sql Injection Attacks, Case Study: UMK Web Server,” Pros. SNATIF, vol. 0, no. 0, pp. 251–258, 2015.