Adityas Widjajarto’s research while affiliated with Telkom University and other places


Publications (15)


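Desain Attack Tree Berdasar Metrik Time Pada Eksploitasi GraphQL Dengan Information Disclosure Vulnerability (Attack Tree Design Based on Time Metrics for GraphQL Exploitation with an Information Disclosure Vulnerability)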

April 2025 · 9 Reads · Jurnal Teknologi Dan Sistem Informasi Bisnis · Rida Napisa · A. Widjajarto

Graph Query Language (GraphQL) is a query language designed to manage the interaction between clients and an Application Programming Interface (API). GraphQL was created to ease data exchange between backend and frontend, providing a clear and easily understood description of the data. As GraphQL continues to gain popularity, the need for security best practices and for tools to test and protect GraphQL APIs will become increasingly important. Like other technologies, GraphQL has several weaknesses, one of which is that its introspection feature can reveal sensitive information that should not be exposed. This study therefore aims to find information disclosure vulnerabilities in a GraphQL API and to determine the most effective time across the two security modes applied, namely before and after hardening. Two methods and two supporting tools are used in the implementation: Introspection with InQL and Field Suggestion with Clairvoyance. The study is represented visually through an Attack Tree to give a comprehensive picture of the exploitation paths and potential attacks. After implementation, the results show that the information disclosure exploitation method that succeeded and was most efficient before hardening was the Field Suggestion Method, with a total time of 7.94 s. The most efficient method turned out to be the same before and after hardening: the Field Suggestion Method, with a total time of 8.99 s after hardening. From this time comparison, it can be concluded that the shorter the time required, the faster an attacker obtains harmful information from GraphQL.


Figure 12. CPU Utilization graph before and after Hardening
Figure 13. Attack Tree Based on Exploitation Before Hardening
Figure 14. Attack Tree Based on Exploitation After Hardening
Results of Time Analysis for Comparison of Exploitation Before Hardening
Results of Time Analysis for Comparison of Exploitation After Hardening


Denial of Service Modeling: Time and CPU Usage Measurement on GraphQL Attacking (Pemodelan Denial of Service: Pengukuran Waktu dan Penggunaan CPU pada Serangan GraphQL)

April 2025 · 5 Reads · INTEK Jurnal Penelitian

GraphQL is a query language that allows clients to request specific data from an API, making it more efficient and flexible compared to traditional REST APIs. This makes applications faster and more efficient by reducing data over-fetching, combining various data sources into a single request, and supporting schema changes without disrupting the integrity of existing applications. This study focuses on security testing and exploiting Denial of Service (DoS) vulnerabilities within GraphQL APIs. As a query language that is growing in popularity, GraphQL offers flexibility in data retrieval but is also vulnerable to DoS attacks. The research centers on DoS attacks using various exploitation techniques such as Circular Queries, Field Duplication, Alias Overloading, and Object Limit Overriding. Testing was conducted using the Kali Linux operating system and testing applications such as Altair and DVGA, employing the Threat Modeling Attack Tree method. The results of the testing show that the Field Duplication attack is the most effective, with the fastest execution time and relatively high CPU usage (2.5 seconds/88.5% reduced to 1.86 seconds/75.50%), while the lowest risk was found in Alias Overloading (1412.05 seconds/99% reduced to 691.29 seconds/93%). Although Alias Overloading posed the lowest risk, it still resulted in high CPU usage, burdening the server significantly. This study provides an understanding of the importance of testing and strengthening API security to prevent DoS attacks.

Keywords: API GraphQL, Attack Tree, Denial of Service, exploitation, CPU, Time




Fig. 2. Overview of the science and technology (IPTEK). This research is expected to provide in-depth insight into the digital transformation of village head elections (Pilkades) in Sukadana Village and to serve as a valuable guide for other regions that wish to adopt similar technology in their own village head elections. Fig. 2 illustrates the research concept and the framework we will use to analyze the impact of database-driven technology in Pilkades.
From Ballots to Bytes A Digital Revolution in Village Head Elections - A Case Study from Sukadana, Indonesia

November 2023 · 196 Reads · 3 Citations · SEIKO Journal of Management & Business

This paper explores the digital transformation of village head elections in Sukadana, Indonesia, with a focus on the implementation of database-driven technology. We examine the transition from traditional paper-based voting methods to electronic voting systems and the impact on voter participation, transparency, and the overall electoral process. We also analyze the results of this transformation, identify challenges encountered during the process, and draw lessons from this case study. Furthermore, we provide recommendations for other rural areas considering a similar digital shift. Our findings highlight a significant increase in voter participation, improved process transparency, and the potential for enhancing democracy at the village level. The success of this digital revolution in a rural context underscores the importance of a tailored approach to technology adoption in such settings, considering local needs and addressing security concerns.



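Analisis Kerentanan Keamanan Terhadap Website Pemerintahan Daerah XYZ Menggunakan Penetration Testing Execution Standard (PTES) (EC00202394436) (Security Vulnerability Analysis of the XYZ Regional Government Website Using the Penetration Testing Execution Standard (PTES))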

October 2023 · 53 Reads

The rapid advancement of technology can influence every individual, organization, and even government in the accurate, effective, and efficient delivery of information. The XYZ local government is a governmental institution that serves the community in the field of trade. Information related to the XYZ regional government is directly managed by the XYZ Regional Communication and Information Office (Diskominfo), an institution specializing in technology and informatics. Diskominfo leverages technological progress to disseminate information to the community of the XYZ region, particularly those involved in trade, through their website, with the goal of facilitating the acquisition of accurate, precise, and reliable data directly. With the evolution of technology, the security of a website assumes increasing importance, as it can prevent attacks from irresponsible entities that may disrupt the system and harm the website owner. During the analysis process, the author simulates the role of an attacker to identify security vulnerabilities and weaknesses present on the XYZ local government website. This entails an analysis of security gaps aimed at determining the level of risk and confidence in the website. In the examination of security vulnerabilities, the author identifies 42 alerts, categorized into four risk levels: 9 vulnerabilities with a high-risk level, 13 with a medium-risk level, 11 with a low-risk level, and 9 with an informational risk level.


Figure 4: Information System Research Framework
Figure 5: Test DNS lookups
Security Vulnerability Analysis using Penetration Testing Execution Standard (PTES): Case Study of Government's Website

August 2023 · 998 Reads · 26 Citations

The rapid development of technology has impacted various aspects of life, including the way individuals, organizations, and governments deliver accurate, effective, and efficient information. XYZ local government, which is responsible for serving the community in the trade field, manages its information through the Communication and Information Agency (Diskominfo) of the XYZ region. Diskominfo employs technological advancements to provide the people of the XYZ region with direct access to accurate, precise, and reliable data through their website. However, the security of the website has become a crucial aspect to prevent attacks from malicious individuals that can cause damage to the system and harm the website owner. To analyze the website's security loopholes and vulnerabilities, the author performed a simulation of an attacker. The analysis aimed to evaluate the level of risk and confidence in the website. The results showed 42 alerts categorized into four risk levels: 9 vulnerabilities with a high-risk level, 13 vulnerabilities with a medium-risk level, 11 vulnerabilities with a low-risk level, and 9 vulnerabilities with an informational-risk level.


Designing Data Centre Building Facilities Based on Humidity & Temperature Monitoring System in Hospital Using TIA-942 Standard with PPDIOO Life-Cycle Approach

December 2021 · 343 Reads · 2 Citations · Internetworking Indonesia Journal · Adityas Widjajarto · R. R. Fahlevi · [...]

Information technology (IT) has been widely applied in various aspects of life, one of them through the IT implementations in hospitals to carry out administrative activities that aim to facilitate data processing and make existing operational activities run more effectively and efficiently. In this case of Muhammadiyah Sumberrejo Islamic Hospital, which requires a server room that is useful as a data center for IT management. It has a long-term plan to develop fair distribution of service in the form of the room heating, ventilation, air conditioning (HVAC) system based on humidity and temperature standard. Thus, it is necessary to design a monitoring system to align with the contextual setting and requirements. In this study, a data center for the Hospital will be designed using the standard of TIA-942 humidity and temperature while the PPDIOO Network Life-Cycle Approach method used for the development process. The result will be in accordance with the HVAC arrangement within the room.


Vulnerability and risk assessment for operating system (OS) with framework STRIDE: Comparison between VulnOS and Vulnix

September 2021 · 1,735 Reads · 7 Citations · Indonesian Journal of Electrical Engineering and Computer Science

The rapid development of information technology has made security become extremely. Apart from easy access, there are also threats to vulnerabilities, with the number of cyber-attacks in 2019 showed a total of 1,494,281 around the world issued by the national cyber and crypto agency (BSSN) honeynet project. Thus, vulnerability analysis should be conducted to prepare worst case scenario by anticipating with proper strategy for responding the attacks. Actually, vulnerability is a system or design weakness that is used when an intruder executes commands, accesses unauthorized data, and carries out denial of service attacks. The study was performed using the AlienVault software as the vulnerability assessment. The results were analysed by the formula of risk estimation equal to the number of vulnerability found related to the threat. Meanwhile, threat is obtained from analysis of sample walkthroughs, as a reference for frequent exploitation. The risk estimation result indicate the 73 (seventy three) for the highest score of 5 (five) type risks identified while later on, it is used for re-analyzing based on the spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege (STRIDE) framework that indicated the network function does not accommodate the existing types of risk namely spoofing.


Citations (7)


... This ensures that the processes in operation are transparent and comprehensible to each functional dimension of the process flow chart and the procedures outlined within it. Phase 3, Streamlining goal is to increase the efficiency, effectiveness, and adaptability of ongoing business operations by streamlining procedures by shortening processing times, standardising procedures, or upgrading procedures [28][29][30][31][32]. Phase 4, Measurements, and controls business processes involves looking at and measuring anticipated organisational goals to influence the direction of those processes [33][34][35]. Phase 5, Continuous improvement is carried out in the stages below with the aim of achieving the implementation of the next improvement process with various processes such as changing, deleting, adding processes, and so on. [36][37][38][39][40]. ...

Reference:

Business Process Design for Gerakan Bangkit Desa in MSMEs Using E-BPI
From Ballots to Bytes A Digital Revolution in Village Head Elections - A Case Study from Sukadana, Indonesia

SEIKO Journal of Management & Business

... In the scientific literature, the use of the Penetration Testing Execution Standard (PTES) is well-documented and has been applied in various scenarios, including testing government websites [24], wireless security analysis [25], web server security [26], footprinting [27], among others. ...

Security Vulnerability Analysis using Penetration Testing Execution Standard (PTES): Case Study of Government's Website

... This model categorizes unknown binary samples as benign files or ransomware. The evaluation utilized a personal computer with a Core i5 CPU and 12GB RAM, testing on Windows 10 (64-bit) across two distinct operating systems [30]. ...

Vulnerability and risk assessment for operating system (OS) with framework STRIDE: Comparison between VulnOS and Vulnix

Indonesian Journal of Electrical Engineering and Computer Science

... CRIU (Checkpoint Restore in Userspace, pronounced kree-oo) is a tool for checkpointing and restoring applications in GNU/Linux environments [11,9]. With CRIU, it is possible to stop an application, save the working memory on disk, and restore the state later. ...

Live migration using checkpoint and restore in userspace (CRIU): Usage analysis of network, memory and CPU

Bulletin of Electrical Engineering and Informatics

... Currently, the dangers related to digital security are increasingly real and disturbing. Valuable data and information can be easily accessed by unauthorized parties or interfered with by malicious actors [1]. According to NCSI, the condition of cyber security in Indonesia is in 84th position out of the total countries that have been audited by NCSI [2]. ...

The Development of Information System Security Operation Centre (SOC): Case Study of Auto Repair Company

... Quality and reliable services can increase efficiency and productivity in economic activities. In addition, the public will feel more effectiveness and involvement in using government information technology services, which will increase active participation in government processes and improve private-public policies [23]. The index of system quality (ISQ) is a tool designed to help determine the quality of an information system by combining the concepts of system quality and information quality. ...

Architecture Model of Information Technology Infrastructure based on Service Quality at Government Institution

Procedia Computer Science

... The backup and restore model in the relationship between DC and DRC that provides redundancy services for clients via the Internet (WAN) can be used to construct Cloud service parameters. The main challenge faced today by organization is how to make better use of accumulated knowledge and experience in developing the execution plan and implementation through real policy formulation, along with how to achieve optimal social impact with relatively limited public resources [44]. It is always best to have point of view derived from the network engineers and the emergency teams to avoid dropping data packets with reasonable latency, especially in the event of a disaster [45]. ...

Optimization performance management with FCAPS and ITILv3: opportunities and obstacles

Indonesian Journal of Electrical Engineering and Computer Science