The Journal of Information Systems and Technology (SIENNA) has been published by the Faculty of Engineering and Computer Science (FTIK), University of Muhammadiyah Kotabumi (UMKO) since July 2020. SIENNA contains manuscripts of research results in the fields of Information Systems, Information Technology, and Computer Science. SIENNA (P-ISSN: 2745-987X and E-ISSN: 2745-9861) is committed to publishing quality articles in Indonesian so that they can become the main reference for researchers in the fields of Informa... Readmore

The Journal of Information Systems and Technology (SIENNA) has been published by the Faculty of Engineering and Computer Science (FTIK), University of Muhammadiyah Kotabumi (UMKO) since July 2020. SIENNA contains manuscripts of research results in the fields of Information Systems, Information Technology, and Computer Science. SIENNA (P-ISSN: 2745-987X and E-ISSN: 2745-9861) is committed to publishing quality articles in Indonesian so that they can become the main reference for researchers in the fields of Information Systems, Information Technology and Computer Science.

2745-987X (printed) | 2745-9861 (online)


XSS Attack Detection and Mitigation Using Multi-Layer Security Mechanism (MLSM)

BSSN stated that there were 12.9 million cyber threats in Indonesia during 2018. In January - April 2020, the number of cyber-attacks increased. In those four months, the number of cyberattacks reached 88 million. The methods, applications, and attack techniques used cannot be identified easily. However, according to data from the OWASP Top Ten in 2017 and 2021 (statistics-based proposal), there are 10 website security vulnerabilities that are most often exploited. XSS is one of the security holes included in the list. In addition to being a loophole that is often found, the impact of XSS is very fatal, because it allows attackers to do account takeovers, theft of personal data, and so on. There are several studies that have implemented mechanisms to detect and mitigate XSS attacks. However, the implementation has not yet obtained effective and holistic results. The mechanism tested by previous research still leaves a security problem that allows attackers to execute XSS attacks. One of the things that cause this problem is the use of a single-layer security mechanism. Therefore, the purpose of this study is to test the effectiveness of the multi-layer security (MLSM) mechanism in detecting and mitigating XSS attacks. MLSM consists of five layers, namely OWASP ModSecurity, Framework/CMS Security Feature, HTTP Middleware, Templating Engine, and Data Sanitizer. To test the security level of MLSM, the researchers conducted a simulation of attacks using the Arachni and ZAP applications on a sample website that had 170 XSS security vulnerabilities. Based on test attacks on non-MLSM websites, Arachni successfully executed 168 of 170 (98.82%), and ZAP executed 103 of 170 (60.58%) XSS attacks. However, after implementing the MLSM feature on the website, Arachni and ZAP attacks failed to perform XSS attacks, both stored, reflected, and DOM-based XSS. There is no single type of XSS attack that can be carried out on MLSM websites

Perancangan dan Implementasi Sistem Pendataan Kasus Tindak Pidana

North Lampung Police has a vision of realizing a professional, moral, modern, superior and trustworthy Police Police of North Lampung in order to support the creation of a sovereign, independent and personable Indonesia based on mutual cooperation. And to realize this vision, the North Lampung Police have several missions, one of which is to realize the sustainable use of technology and police data systems that are integrated in the North Lampung Police Station area, which is supported by scientific studies and studies, in order to further optimize the performance of the Police. Based on the results of the competition above, the researcher won 3rd place with the title "Collecting Criminal Cases". The prototype that was produced from the competition, the researchers implemented it in the form of research with the title "Design and implementation of a data collection system for criminal cases". To solve this problem, the researcher used the prototype method. With steps 1. Listening to user needs, 2. Designing samples or Mock-ups, 3. Testing samples or Mock-ups. From the results of testing applications by users in the form of admin login pages, admin menu pages, user list pages on admins, investigator data pages on admins, user login pages, user menu pages, and case addition pages by users, it can be concluded that the data collection application for criminal cases runs smoothly. good.


Server is a place to store data and information that is owned so that it can be accessed by anyone and connected workstations from anywhere. If the server room gets too hot or too humid, it can cause your server to not work properly.air with too high humidity can damage the hardware on the server, for example, equipment can cause a short circuit caused by rust. The ideal humidity level for a server room is between 40 and 50%. As the humidity level increases, the amount of water vapor in the air increases. This can cause changes in vapor to liquid, electronic devices cannot be exposed to water. Many mistakes that are often made by server owners are by placing temperature and humidity detection sensors in the room, the temperature detection sensor should be placed in the rack of each server at each rack level, which is positioned at the front and back of the rack. The device that is commonly used in making Internet of Things applications is Arduino, Arduino is used as a link between the internet and sensors so that data from these sensors can be accessed. via the internet to set the behavior of specific equipment. In this study, Arduino was used because Arduino is an opensource device, the programming language used is C language and the Python programming language can also be used. From the availability of the library, there are many libraries that are ready and easy to use. Temperature and humidity detection in this study uses a DHT 11 temperature and humidity sensor connected to an Arduino device that is connected to the internet via a local network.


Persaingan dunia usaha yang ketat maka perusahaan harus pintar-pintar melihat peluang dan kebutuhan masyarakat, sehingga perusahaan mengeluarkan program Pembiayaan Ulang untuk para konsumen yang ingin menjaminkan kendaraannya dan pembayaran kendaraan tersebut dilakukan secara cicilan. Dalam penentuan pemberian Pembiayaan Ulang masih mengutamakan analisis karyawan yang diberi tugas dalam mensurvei kondisi konsumen yang akan mengajukan Pembiayaan Ulang pada FIF Group Kotabumi, sehingga dalam penentuan penerima kredit terkadang tidak objektif sehingga sering terjadi kredit macet yang menghambat perputaran uang pada FIF Group Kotabumi.   Sistem Pendukung Keputusan (SPK) merupakan salah satu solusi perusahaan yang membantu melakukan pengambilan keputusan terhadap konsumen layak atau tidak layak menerima pembiayaan pembiayaan ulang. Dibutuhkan suatu metode perhitungan yang digunakan untuk menyelesaikan permasalahan dengan banyak kriteria. Salah satu metode perhitungan yang digunakan adalah Metode Technique for Others Refrences by Simillarity to Ideal Solution (TOPSIS). Konsep dasar dari metode TOPSIS yang didasarkan pada konsep bahwa alternatif terbaik tidak hanya memiliki jarak terpendek dari solusi ideal positif tetapi juga memiliki jarak terjauh dari solusi ideal negatif.   Hasil dari sistem pendukung keputusanyang dibangun ini dapat menghasilkan keputusan yang lebih objektif. Menghasilkan 6 nasabah diterima dan 4 nasabah ditolak yang dapat digunakan sebagai rekomendasi penentuan kepada PT. FIF Group Cabang Kotabumi.


The Internet, and in particular the World Wide Web, is widely used by businesses, government agencies, corporations and individuals. Based on that fact internet service providers offer a lot of choices, and it can be confusing so we end up choosing the expensive one just to make sure we get the speed we need. All internet service providers must have interference, be it caused by the weather or broken cables and so on. The load balancing method can be used to send and receive internet access on a network through several gateways. When we subscribe to an internet connection with 2 ISPs load balancing can be used as a bandwidth balancer. The principles of load balancing remain the same in any environment, although circumstances and applications will differ. Internet service providers use a balancing strategy to handle fluctuating amounts of incoming internet traffic. Load balancing effectively minimizes server response time and maximizes throughput. The role of load balancing is sometimes likened to that of a traffic police, as it is meant to systematically direct requests to the right location at a given moment, thereby preventing costly congestion and unforeseen incidents. The load balancer must ultimately provide the performance and security needed to sustain complex IT environments, and the complex workflows that occur within them.


Scholarship assignment is an operations management problem facing university administrators, which is usually resolved based on the administrator's personal experience. This research proposes an incentive method inspired by dynamic programming to replace the traditional decision-making process in scholarship assignments. The aim is to find the optimal scholarship assignment scheme with the highest equity while taking into account practical constraints and equity requirements. The methodology used in determining scholarship recipients at Pringsewu Muhammdiyah University uses the Naïve Bayes algorithm. The research results show that the Naïve Bayes algorithm with K-10 and K-Fold Cross Validation with k=10 has an accuracy of 95.01%. This shows that Naïve Bayes is an algorithm that can predict.

Indexer Sites