Pengembangan Engine Web Crawler Sebagai Pencari Jejak Serangan Cyber Stored Cross-Site Scripting

Abstract

Cross-site Scripting (XSS) vulnerability has long been a concern in web application security and is included in the OWASP Top 10 list. In 2017, XSS ranked 6th, but in 2021, it rose to the 4th position in the Injection category. This vulnerability exploits poorly validated input forms. This study aims to identify web pages that are vulnerable to Stored Cross-site Scripting attacks. The research is conducted by performing a search at three levels of depth. Web scraping is used to extract data from web pages, and the source code of the web pages is compared to Stored Cross-site Scripting attack patterns using the Knuth-Morris-Pratt algorithm. The results of the study indicate that some web pages exhibit detected attack patterns and traces of attacks, while others only show attack patterns without visible traces of attacks. Based on manual analysis of 56 randomly selected data from the research, it was found that 5 web pages had true positive values, indicating the presence of attack patterns and traces of attacks. Meanwhile, 49 other web pages had true negative values, where attack patterns were detected but no traces of attacks were found. This research provides insights into web pages vulnerable to Stored Cross-site Scripting attacks. The findings can be used to enhance web application security and reduce the potential for Cross-site Scripting attacks in the future.