Development of a SQL Injection Vulnerability Detection Tool for PHP Code Using Static Taint Analysis (original title: Pengembangan Aplikasi Deteksi Celah Keamanan SQL Injection Pada Kode PHP Dengan Metode Static Taint Analysis)

Habibi, Thoriq Afif (2025) Pengembangan Aplikasi Deteksi Celah Keamanan SQL Injection Pada Kode PHP Dengan Metode Static Taint Analysis. Other thesis, Institut Teknologi Sepuluh Nopember.

5025211154-Undergraduate_Thesis.pdf - Accepted Version
Restricted to Repository staff only until 1 April 2027.

Abstract

Security is a critical concern in software development, and in web applications in particular. One of the most dangerous threats to a web application is SQL injection (SQLi). Through SQLi an attacker can steal credentials, read sensitive data, corrupt the database, or cause a denial of service. This research therefore develops a tool that detects SQLi vulnerabilities in PHP code. The tool uses static taint analysis: it follows data from untrusted sources to sinks without executing the program, checking whether data from an untrusted source has been sanitized before it is used in a database query. Because the analysis is taint-based, the tool reports not only that a vulnerability exists but also which part of the program causes it.

The detection tool works in five stages: (1) reading the PHP source code, (2) parsing it into an Abstract Syntax Tree (AST), (3) converting the AST into Static Single Assignment (SSA) form, (4) performing taint analysis from the untrusted sources, and (5) reporting and presenting the detected vulnerabilities. The fourth stage applies source, sanitizer, and sink rules that are also defined in this research; the rules are derived from how PHP receives client requests and accesses the database. The analysis additionally tracks variable data types and checks data-flow conditions that can affect the detection result. The tool was evaluated on three kinds of dataset and compared against Semgrep: a labeled dataset of PHP scripts, PHP applications, and Laravel applications. On the labeled PHP script dataset the tool achieved 84.36% accuracy, 55.97% precision, 100% recall, and a 71.77% F1-score, against 72.86% accuracy, 30.08% precision, 27.54% recall, and a 28.75% F1-score for Semgrep. On the PHP applications it found 14 true positives (TP) and 8 false positives (FP) in "WeBid" (4 more TP and 15 fewer FP than Semgrep), 35 TP and 0 FP in "PHP7-Webchess" (2 fewer FP than Semgrep), and 7 TP and 0 FP in "PWEB-Tugas-10" (the same result as Semgrep). On the Laravel applications it found 1 TP and 0 FP in both "Vulnerable-Laravel" and "vulnerable-laravel-app", whereas Semgrep detected no vulnerability in either. In terms of efficiency, the average detection time was 0.0057 s per line of code on the PHP script dataset and 0.00175, 0.00074, 0.00036, 0.00003, and 0.00097 s per line of code on the five applications, respectively.
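The five-stage pipeline above, reduced to a runnable sketch. This is an added example, not the thesis's code: it handles a one-statement-per-line PHP subset with a regex front end standing in for a real AST, gives every assignment a fresh SSA name so that a later reassignment cannot change the verdict on an earlier use, and propagates taint from $_GET/$_POST sources through assignments and string interpolation to query sinks, recording the source-to-sink path it reports. The source, sanitizer and sink tables and the three PHP snippets are constructed for the example; the thesis derives its own rules.

```python
"""Toy static taint analysis for SQL injection in a one-statement-per-line
PHP subset (added example; a regex front end stands in for a real AST)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Rule tables, assumed for this example only; the thesis defines its own.
SOURCE_RE = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b")
SANITIZERS = {"intval", "floatval", "mysqli_real_escape_string"}
SINKS = {"mysqli_query", "pg_query", "query"}  # "query" also matches $db->query(...)

ASSIGN_RE = re.compile(r"^\$(\w+)\s*=\s*(.+);$")          # $var = expr;
CALL_RE = re.compile(r"^(?:\$\w+->)?(\w+)\s*\((.*)\);?$")  # [$obj->]func(args)[;]
VAR_RE = re.compile(r"\$(\w+)")


@dataclass
class Finding:
    line: int
    sink: str
    path: List[str]  # source-to-sink trace, oldest step first


def expr_taint(expr: str, env: Dict[str, str],
               taint: Dict[str, Optional[List[str]]], line: int) -> Optional[List[str]]:
    """Taint path of an expression under the current SSA environment, or None if clean."""
    call = CALL_RE.match(expr.strip())
    if call and call.group(1) in SANITIZERS:
        return None  # a sanitizer call yields clean data whatever its arguments
    src = SOURCE_RE.search(expr)
    if src:
        return [f"line {line}: source {src.group(0)}"]
    for name in VAR_RE.findall(expr):  # variables, including those interpolated in "..."
        ssa = env.get(name)
        if ssa is not None and taint[ssa] is not None:
            return taint[ssa] + [f"line {line}: uses ${name} ({ssa})"]
    return None


def analyze(php_source: str) -> List[Finding]:
    """Run the pipeline: read, parse (regex), SSA-rename, propagate taint, report."""
    env: Dict[str, str] = {}                    # PHP name -> current SSA name
    taint: Dict[str, Optional[List[str]]] = {}  # SSA name -> path or None (clean)
    versions: Dict[str, int] = {}
    findings: List[Finding] = []
    for line, raw in enumerate(php_source.splitlines(), start=1):
        stmt = raw.strip()
        if not stmt or stmt.startswith(("<?php", "//", "#")):
            continue
        m = ASSIGN_RE.match(stmt)
        if m:
            name, rhs = m.groups()
            path = expr_taint(rhs, env, taint, line)
            versions[name] = versions.get(name, 0) + 1
            ssa = f"{name}_{versions[name]}"    # fresh SSA name per assignment
            env[name] = ssa
            taint[ssa] = None if path is None else path + [
                f"line {line}: assigned to ${name} ({ssa})"]
            continue
        m = CALL_RE.match(stmt)
        if m and m.group(1) in SINKS:
            path = expr_taint(m.group(2), env, taint, line)
            if path is not None:
                findings.append(Finding(line, m.group(1),
                                        path + [f"line {line}: reaches sink {m.group(1)}"]))
    return findings


# Constructed PHP snippets (not taken from the thesis datasets).
VULNERABLE = """<?php
$id = $_GET['id'];
$sql = "SELECT * FROM users WHERE id = $id";
mysqli_query($conn, $sql);
"""
SAFE = """<?php
$id = $_GET['id'];
$id = intval($id);
$sql = "SELECT * FROM users WHERE id = $id";
mysqli_query($conn, $sql);
"""
MIXED = """<?php
$name = $_POST['name'];
$safe = mysqli_real_escape_string($conn, $name);
$q1 = "SELECT * FROM users WHERE name = '$safe'";
$mysqli->query($q1);
$name = trim($name);
$q2 = "SELECT * FROM users WHERE name = '$name'";
$mysqli->query($q2);
"""

if __name__ == "__main__":
    for label, code in (("VULNERABLE", VULNERABLE), ("SAFE", SAFE), ("MIXED", MIXED)):
        found = analyze(code)
        print(f"{label}: {len(found)} finding(s)")
        for f in found:
            print(f"  line {f.line}, sink {f.sink}:\n    " + "\n    ".join(f.path))
```

Running the script reports one finding at line 4 of VULNERABLE, none for SAFE, and exactly one for MIXED (line 8): the first query uses the escaped copy $safe, while the second uses the reassigned $name, whose fresh SSA version still carries the $_POST taint. Two simplifications matter in practice: the toy treats mysqli_real_escape_string as unconditionally clean, but escaping only protects a value that lands inside a quoted string literal (an unquoted WHERE id = $id stays injectable), which is one reason a real analyzer has to reason about the type of the data reaching the sink; and a bare method name such as query will also match unrelated methods. Prepared statements remain the fix a finding should lead to.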

Item Type: Thesis (Other)
Uncontrolled Keywords: Web Security, SQL injection, Static Analysis, Taint Analysis, PHP
Subjects: T Technology > T Technology (General) > T58.5 Information technology. IT--Auditing
Divisions: Faculty of Intelligent Electrical and Informatics Technology (ELECTICS) > Informatics Engineering > 55201-(S1) Undergraduate Thesis
Depositing User: Thoriq Afif Habibi
Date Deposited: 30 Jan 2025 07:30
Last Modified: 30 Jan 2025 07:30
URI: http://repository.its.ac.id/id/eprint/117167
