Deteksi Sql Injection pada Web Menggunakan Metode Code Review dan Penetration Testing

Abstract

Various types of websites are developed today with the higher level of complexity, it still has the risk of security holes that can be exploited by cyber criminals. One type of attack is the most common SQL injection. This study aims to test the effectiveness of the methods Code Review and Penetration Testing in detecting SQL injection security holes in the web. In this study 360 Review proposed an approach in implementing both the detection method. The first stage is to test the Code Review method to find SQL Injection, and then use the results back to plan the Penetration Testing method. The results of this study can help web developers in understanding the potential SQL injection security holes in its application to then determine the choice of method is effective in detecting the gap.