Journal of Computer Science and Informatics Engineering (J-Cosine)

Security Audit and Analysis of High School Websites Using Cross Site Scripting (XSS) Method and Insecure Direct Object Reference (IDOR) Penetration Test

Muhammad Kholilul Adrian, Raphael Bianco Huwae, Ahmad Zafrullah Mardiansyah — Mon, 30 Jun 2025 00:00:00 +0800

This study investigates security vulnerabilities in secondary school PPDB websites, focusing on Structured Query Language (SQL) Injection and Cross Site Scripting (XSS) techniques. The research aims to conduct a security audit and analysis using XSS methods and Insecure Direct Object References (IDOR) penetration tests. The primary objectives are to identify existing security gaps, provide recommendations for improvement, and enhance the overall security of these websites. By addressing these vulnerabilities, the study seeks to make PPDB websites more secure and reliable in protecting users' personal data and maintaining system integrity. Additionally, this research aims to raise awareness among PPDB system managers and schools about the importance of cybersecurity in website development and management, offering practical solutions and serving as a reference for improving website security in the educational sector.

Security Analysis of the Lombok Tourism Android Application Using Penetration Testing (Pentesting) Methods Based on the OWASP Mobile Top 10-2024 Framework

Ida Bagus Adi Surya Kemenuh, Raphael Bianco Huwae, Andy Hidayat Jatmika — Mon, 30 Jun 2025 00:00:00 +0800

Android has become the most widely used operating system for mobile devices, playing a crucial role in supporting the tourism sector. As tourism in Indonesia grows, the demand for quick and easy access to information for travel planning has increased. However, concerns about the security of user data in Android applications have emerged. This study focuses on penetration testing of tourism-related Android applications in Lombok to identify vulnerabilities, particularly based on the OWASP Top 10 Mobile Risks. Using static analysis with the Mobile Security Framework (MobFS), two critical vulnerabilities were identified: Insecure Data Storage and Insufficient Cryptography. Penetration testing revealed that although there was a risk related to insecure data storage, no sensitive user data was found in the application's database. The application was also found to use outdated encryption (CBC with PKCS7 padding), which could expose it to padding oracle attacks. This research emphasizes the need for robust security measures in mobile applications within the tourism sector.

REST API Development of the Mataram Scout Information System for Member Management and Activity Reporting using Scrum Method

I Desak Putu Diah Anggiani, Budi Irmawati, Royana Afwani — Mon, 30 Jun 2025 23:20:32 +0800

The development of a web-based Scout Information System for Kwartir Cabang Mataram aims to improve the management of member data and activities through a REST API. The current data management process, relying on tools like Google Forms and Microsoft Excel, is inefficient and error-prone. To address these issues, the proposed system integrates all levels of scout organization within the Mataram City, from school-based scout units (gugus depan) to the city level scout organization (kwartir cabang), creating a centralized platform for real-time data access. Built using the Scrum method, the system is developed through iterative sprints and regularly improved based on stakeholder feedback. The REST API architecture enables seamless communication between the back-end and front-end components, ensuring system scalability, flexibility, and future integration with other platforms, including mobile applications. Black-box testing guarantees the functionality of the system’s endpoints. This system is expected to enhance operational efficiency and reduce administrative delays.

Development of Scholarship Information and Consultation Center Website for Straya Institute Using Prototyping Method

Faza Alliya Audristy Putri Ronce, Dwi Ratnasari, Santi Ika Murpratiwi — Mon, 30 Jun 2025 23:21:42 +0800

The rapid development of information technology has had a considerable impact on the efficiency of education administration, especially in the management of scholarship information. However, many institutions still experience difficulties in handling data and limited access to scholarship information. The purpose of this research is to create a Scholarship Information and Consultation Center website for Straya Institute that can overcome these difficulties through prototyping. The prototyping approach allows for iterative development, ensuring that the system responds to user needs through continuous feedback and revision. The system is intended to facilitate access to scholarship information, program registration, and consultation with users. Evaluation methods include system testing using black-box testing and User Acceptance Testing (UAT), involving administrative and general users. The results showed a high level of user satisfaction (average UAT score of 98.2%), verifying the efficiency, usability, and usefulness of the system. This research advances the field by providing an effective digital solution for scholarship management, improving accessibility, and optimizing administrative operations. Future research could look at other enhancements such as automated scholarship file selection and AI-powered recommendation systems to improve user experience.

Prototyping Interface for a Website-Based Visitor Management System of Gili Tramena: A Design Thinking Approach

Nadya Amara, Noor Alamsyah, Ramaditia Dwiyansaputra — Mon, 30 Jun 2025 23:21:55 +0800

Gili Tramena which stands for Gili Trawangan, Gili Air and Gili Meno. The three Gili Islands are one of the tourist destinations that are visited by many tourists, both local and foreign tourists because of their underwater power. The high flow of tourists has both positive and negative impacts from an economic, social and environmental perspective. The positive impacts of increased tourism include economic improvement in Gili Tramena, globalization of Indonesian tourism, and improvement of public infrastructure. The negative impacts of increased tourism include cultural change, economic dependency, degraded water quality, and damage to coral reefs. These negative impacts will continue if the number of tourists continues to increase. One way to prevent this is to limit the number of visitors to Gili Tramena each day. Tourist data collection, which is still done manually, is also the reason for the difficulty in controlling tourists entering Gili Tramena. One way to streamline visitor data collection is through a Visitor Management System (VMS). This VMS will help to collect data systematically. Therefore, it is necessary to design a UI/UX VMS information system to limit and control visitors entering Gili Tramena. The UI/UX design of the Tramena VMS was carried out using the Design Thinking approach with 5 stages, namely Emphatize, Define, Ideate, Prototype, and Test. Based on the results of testing using the SUS (System Usability Score) method, a score of 85.92 was obtained, which indicates that this system is included in the "Excellent" category, with the UI/UX design meeting high standards in terms of usability, efficiency, and overall user experience. It is expected that this system can be further developed with the actual implementation of the designed design.

Information Systems Security Risk Management Using the COBIT 2019 Framework and NIST 800-30 on the Website People's Representative Council NTB

Alvionita Safira Wahab, Raphael Bianco Huwae, Andy Hidayat Jatmika — Mon, 30 Jun 2025 23:22:17 +0800

This research analyzes information security risk management on the website of the Regional People's Representative Council (DPRD) of West Nusa Tenggara (NTB) using the COBIT 2019 and NIST 800-30 frameworks. The main objective of this research is to identify weaknesses in existing security controls and provide recommendations for improvements to deal with cyber threats, specifically DDoS, cross-site scripting (XSS), deface, and SQL injection attacks, which can disrupt service availability and data security. The research methods included interviews with five key stakeholders who have responsibilities in information security, as well as the distribution of questionnaires to ten IT staff. Data from the interviews and questionnaires were analyzed using risk mapping according to the COBIT 2019 framework and NIST 800-30 to identify capability gaps. The results showed specific weaknesses in the management of controls against XSS and DDoS threats, especially in the aspects of monitoring and incident response. The research conclusions emphasize the need to improve risk management through the addition of more up-to-date security technology, increased security awareness and training for staff, and regular security audits to ensure the sustainability of risk management. Recommendations include the implementation of a more sophisticated threat detection system, periodic training for staff, and a more structured incident response procedure to improve security and ensure continuity of public services through the DPRD NTB website.

Design Of A Website-Based Mental Health Early Detection Information System (Case Study: Hu'u Subdistrict)

Nurul Wahida, Nadiyasari Agitha, Budi Irmawati — Mon, 30 Jun 2025 00:00:00 +0800

Mental health problems in Hu'u Sub-district are related to the high number of attempted suicides, indicating a lack of access to early detection of mental health disorders. This study aims to design and build a website-based mental health early detection information system to facilitate the early identification of mental health problems in adolescents. The system was developed using the Personal Extreme Programming (PXP) method and the Strengths and Difficulties Questionnaire (SDQ) as a testing instrument. The development process was carried out in two iterations for 30 days. The system was tested using the black box method and User Acceptance Testing (UAT). The results of black box testing show that the system functions correctly and according to the expected functionality. UAT testing involving students and the Rasabou Health Center showed an average score of 90% and 90.04%. These results show that the system is effective in detecting mental health disorders and has met expectations by user needs.

Cost-Effective Virtual Reality Simulation for Chemistry Practicum using Hand Gesture

David Arizaldi Muhammad, Ario Yudo Husodo, Fitri Bimantoro, Muntari Muntari — Mon, 30 Jun 2025 23:22:09 +0800

We developed a virtual reality (VR) simulation of a chemistry practicum that incorporates the act of pouring liquid using hand gestures. This addresses the need for safe, cost-effective alternatives in chemistry education while still exercising practicum motor skills. Our simulation centers on the practicum of making picric acid, which presents significant both cost and safety challenges. Utilizing Leap Motion hand gesture technology as an input method offers a more affordable option than traditional VR controllers. We conducted usability testing with 16 participants, including a lecturer and undergraduate students from multiple backgrounds, to evaluate the application’s effectiveness and gather feedback. Results indicate that the simulation works as intended and accurately represents the practicum, achieving marginal usability. The application can reduce costs by at least IDR 658,638.00 per session and eliminates hazards associated with handling picric acid, highlighting its potential as a valuable educational tool.

Comparative Analysis of ResNet-50 and VGG16 Architecture Accuracy in Garbage Classification System

Putu Yudhis Yudhis, Fitri Bimantoro, Regania Pasca Rassy — Mon, 30 Jun 2025 23:22:51 +0800

Population growth and urbanization have resulted in an exponential increase in waste generation, causing serious environmental and health risks. Garbage classification is essential to optimize the recycling process and minimize waste in landfills. In particular, Convolutional Neural Networks (CNN) and Deep Learning, has shown effectiveness for image classification systems such as waste sorting. This research addresses the gap in comparative analysis of CNN architectures for garbage classification by comparing the performance of VGG16 and ResNet-50. This study's objective is to identify the most effective architecture for categorizing six different categories of garbage: cardboard, glass, metal, paper, plastic, and trash. Using a dataset of 2,467 photos, the models were trained, validated, and tested using improved preprocessing and data augmentation techniques. The results showed that VGG16 obtained slightly greater accuracy (97%) than ResNet-50 (96%), indicating that VGG16 could be a better architecture for garbage classification systems. This study helps further development of automated waste sorting systems for recycling management, paving the way for more sustainable waste solutions. Hope for future research, this study can help in expanding the dataset, then using other architectures to improve the accuracy of the model, and help people to process garbage according to the type.

Algorithm Design for Converting Indonesian Latin to Sasak Latin Using the Sequence-To-Sequence Transformers Method

Muhammad Giri Restu Adjie, Ramaditia Dwiyansaputra, Fitri Bimantoro, Arik Aranta — Mon, 30 Jun 2025 00:00:00 +0800

Bahasa Sasak adalah bahasa daerah yang digunakan di Nusa Tenggara Barat, yang menghadapi tantangan dalam mempertahankan penggunaannya, terutama di kalangan generasi muda, karena dominasi bahasa Indonesia di lingkungan formal. Penelitian ini mengeksplorasi tantangan-tantangan tersebut dan menyoroti pentingnya melestarikan bahasa Sasak sebagai identitas sosial dan budaya yang penting bagi masyarakat Sasak. Penelitian ini bertujuan untuk mengembangkan sistem penerjemah mesin untuk menerjemahkan bahasa Indonesia ke bahasa Sasak dengan menggunakan metode Sequence-to-Sequence Transformer. Dengan menggunakan model Transformer dengan arsitektur berbasis encoder-decoder, penelitian ini menerjemahkan teks bahasa Indonesia ke bahasa Sasak, dengan memanfaatkan metode Rule-Based untuk preprocessing dataset. Dataset yang digunakan terdiri dari lebih dari 85.290 baris pasangan teks bahasa Indonesia-Sasak, yang dibagi menjadi set training, validasi dan testing. Pelatihan yang dilakukan oleh model ini mencapai hasil akhir akurasi setelah 30 epoch sebesar 0.99 dan akurasi validasi sebesar 0.98 serta dengan skor 6.075 dalam evaluasi Bilingual Evaluation Understudy (BLEU). Hal ini menunjukkan kemampuan model yang kuat untuk menghasilkan terjemahan yang akurat, meskipun bahasa Sasak adalah bahasa yang kompleks. Penelitian ini tidak hanya untuk melestarikan bahasa Sasak tetapi juga membuka jalan baru bagi para peneliti di masa depan dalam pemrosesan dan pelestarian bahasa, terutama untuk bahasa yang memiliki sumber daya yang lebih sedikit seperti bahasa Sasak.