ANALYSIS AND IMPLEMENTATION OF WEB SERVER SECURITY (FIKOM UMI CASE STUDY)
Keywords:
security, web server, DDoS, SQL Injection
Abstract
Web server security is a very important factor to consider and manage in order to prevent losses from external attacks. A one-click CSRF attack was found on the UMI Computer Science Department web server. From the description of the attacks that occurred, it can be seen that there is a serious threat to the security of the UMI Fikom VPS web server. Therefore, continued efforts are needed to counter the types of attack that commonly occur on servers and websites, namely DDoS attacks and SQL injection. If a vulnerability to DDoS attacks or SQL injection is found, the security of the web server is enhanced with a web application firewall (WAF). Based on the analysis of the DDoS and SQL injection attack tests, a vulnerability to DDoS attacks was detected on the UMI Fikom web server, but no SQL injection vulnerabilities were detected, because the CodeIgniter framework used on the UMI Fikom web server is built on PHP Data Objects (PDO). The WAF implementation using ModSecurity successfully defeated DDoS attacks in 10 tests, with an average CPU health of the Fikom UMI VPS of 1.45%. Compared with before the ModSecurity WAF was in place, Fikom UMI's web server is therefore much more secure.