Web Application Vulnerability Analysis Using the OWASP Top 10 Method
DOI: https://doi.org/10.55338/jumin.v7i1.8273
Keywords: XGBoost, web application security, OWASP Top 10, anomaly detection, HTTP traffic analysis
Abstract
Web application security has become a critical issue as cyber attacks grow in complexity, with the OWASP Top 10 vulnerabilities serving as the main exploitation vectors, while conventional signature-based detection methods have limited ability to cope with new attack variants. This study aims to develop a web security anomaly detection system using the XGBoost algorithm with a pattern-recognition approach based on the OWASP Top 10. The CSIC HTTP 2010 dataset, with 61,065 samples, was split 80:20 into training and testing sets. Feature engineering extracted 33 technical features, which were reduced to the 30 best features using Mutual Information; they cover URL structure analysis, Shannon entropy, and detection of OWASP attack patterns. The XGBoost model was configured with n_estimators=100, max_depth=8, learning_rate=0.1 and cost-sensitive learning, and was evaluated with 5-fold cross-validation. The model achieved an accuracy of 82.77%, precision of 71.29%, recall of 97.15%, F1-score of 82.24%, and ROC-AUC of 93.29%. This approach effectively improves anomaly detection with high recall and could be deployed as an additional protection layer in a Web Application Firewall.
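The feature-engineering and Mutual Information steps the abstract describes, as an added example that is not the paper's own code: the feature names, the regular expressions used as OWASP pattern flags, and the labelled request lines are all my own assumptions, and XGBoost training itself is left out (the returned feature dicts are what a classifier such as xgboost.XGBClassifier with the stated n_estimators, max_depth and learning_rate would consume).

```python
import math, re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl, unquote_plus
def shannon_entropy(s):  # bits per character; 0.0 for an empty string
    if not s:
        return 0.0
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())
# Detection-side indicators for the OWASP injection and traversal families; each becomes a 0/1 feature.
PATTERNS = {
    "sqli_flag": re.compile(r"['\"]\s*(or|and)\s+|\bunion\s+select\b|--\s*$", re.I),
    "xss_flag": re.compile(r"<\s*script|\bon\w+\s*=|javascript:", re.I),
    "traversal_flag": re.compile(r"\.\./|%2e%2e", re.I),
}
def extract_features(request_line):  # one HTTP request line -> numeric feature dict for a tree model
    _method, target, _version = request_line.split(" ", 2)
    parts = urlsplit(target)
    params = parse_qsl(parts.query, keep_blank_values=True)  # values come back URL-decoded
    decoded = unquote_plus(target)
    feats = {
        "url_len": len(target),
        "path_depth": sum(1 for seg in parts.path.split("/") if seg),
        "num_params": len(params),
        "query_entropy": round(shannon_entropy(unquote_plus(parts.query)), 3),
        "special_ratio": round(sum(not c.isalnum() for c in decoded) / max(len(decoded), 1), 3),
    }
    for name, rx in PATTERNS.items():
        feats[name] = int(rx.search(decoded) is not None)
    feats["any_flag"] = int(any(feats[k] for k in PATTERNS))
    return feats
def mutual_information(xs, ys):  # MI in bits for discrete columns; bin continuous features first
    px, py, joint = Counter(xs), Counter(ys), Counter(zip(xs, ys))
    n = len(xs)
    return sum(c / n * math.log2(c * n / (px[x] * py[y])) for (x, y), c in joint.items())

# Constructed, labelled sample request lines (1 = anomalous); not taken from the CSIC HTTP 2010 dataset.
SAMPLES = [
    ("GET /shop/item?id=42&name=lamp HTTP/1.1", 0),
    ("GET /shop/search?q=desk+chair HTTP/1.1", 0),
    ("GET /account/profile HTTP/1.1", 0),
    ("GET /shop/item?id=42'%20OR%20'1'='1 HTTP/1.1", 1),
    ("GET /files/download?name=../../etc/passwd HTTP/1.1", 1),
    ("GET /shop/search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1", 1),
]

def rank_flag_features(samples=SAMPLES):  # Mutual Information ranking of the 0/1 features (the selection step)
    rows = [(extract_features(line), label) for line, label in samples]
    labels = [label for _, label in rows]
    keys = [k for k in rows[0][0] if k.endswith("_flag")]
    scores = [(k, round(mutual_information([f[k] for f, _ in rows], labels), 4)) for k in keys]
    return sorted(scores, key=lambda kv: kv[1], reverse=True)
```

On the six constructed samples the combined flag separates the classes perfectly (MI of 1.0 bit, the label entropy), while each single-family flag scores 0.1909 bits; with real traffic the continuous columns would be binned before ranking, which is what sklearn's mutual_info_classif does internally.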
Copyright (c) 2026 reyhan, Ari Winata, Muhammad Abel Fathir, Yoga Wahyu Prabowo, Sach Fathan Mulyana

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Muhammad Reyhansyah Dwi Putra, Universitas Bina Sarana Informatika, Indonesia