Meningkatkan Keamanan Web Menggunakan Algoritma Advanced Encryption Standard (AES) terhadap Seragan Cross Site Scripting

Abstract

In the millennial era, the internet has become a very basic need to support community activities in various fields, one of which is education. SMK Maritim Nusantara in supporting the learning process uses a web-based application called e-learning which is used by teachers and students. The school website has several documents in digital form that must be kept confidential, such as student data, teacher data, student grades. After scanning using the Acunetix WVS 10.5 application, information was obtained about the security holes found on the website https://www.e-learning.smkmn.sch.id, with the results of which there were 8 (eight) attacks with details, 2 (two). ) a hight category with the name Cross site scripting (XSS) attack, 4 (four) medium categories with the name HTML form attack without CSRF protection and 2 (two) low categories with the name Password type input attack with auto-complete enabled. The most dangerous attack category / hight is XSS. XSS attack is an attack that inserts malicious code in the form of javascript through an input form that aims to steal cookies and then uses the cookie to enter the web legally so that data can be manipulated and even deleted. For this reason, a strong system is needed to maintain security, confidentiality of school data, one way that can be used is by implementing the Standard Advance Encryption Algorithm (AES), this algorithm has a high level of security and uses little memory in its operation so that it does not burdensome to process and easy to implement. The results of research conducted by applying the AES Algorithm explain that previously there were 2 (two) high category vulnerabilities called XSS attacks, after the implementation of the AES Algorithm, the XSS attack vulnerability was no longer found. Based on the results obtained in the study, it can be concluded that the implementation of the AES Algorithm in tokens can improve the security of the https://www.e-learning.smkmn.sch.id website from XSS attacks.