Smart Payment Application Security Optimization from Cross-Site Scripting (XSS) Attacks Based on Blockchain Technology

Imam Riadi, Rusydi Umar, Tri Lestari

Abstract


The digital era is one in which everyone uses technology and is connected to everyone else very easily. The Smart Payment application is one of the applications developing in the digital era. This application is not equipped with security, so there is a concern that hackers will try to change users or even user data. One of the possible attacks on this application is a cross-site scripting (XSS) attack, which is a code injection attack on the user side. Security in the Smart Payment application needs to be improved so that data integrity is maintained. In this research, security optimization is carried out by implementing blockchain. Blockchain has an advantage in terms of security through the concept of decentralization, utilizing a consensus algorithm that can eliminate and repair data changes made by hackers. The result of this study is an implementation of blockchain that maintains the security of payment transaction data in the Smart Payment application against XSS attacks. This is shown by the vulnerability results before and after blockchain implementation. Before implementation, 1 XSS vulnerability was found, with a high level of overall risk. After blockchain implementation, no vulnerability to XSS attacks was found (the XSS vulnerability count was 0).

Keywords


IoT; Vulnerability; XSS; Security; Blockchain






DOI: http://dx.doi.org/10.35671/telematika.v14i2.1221


Telematika

ISSN 2442-4528 (online) | ISSN 1979-925X (print)
Published by : Universitas Amikom Purwokerto
Jl. Let. Jend. POL SUMARTO Watumas, Purwonegoro - Purwokerto Telp (0281) 623321 Fax (0281) 621662
Email: telematika@amikompurwokerto.ac.id

This work is licensed under a Creative Commons Attribution 4.0 International License.