Analysis of Security Hotspots in Diploma 3 Information Technology Program's Final Project at Del Institute of Technology


Hernawati Susanti Samosir
Muhammad Anis Al Hilmi
Yulanda Pasaribu
Salomo Gemayel Josep Sinambela
Vivaldi Adventus Simangunsong
Benyamin Sibarani
Yen Rylin Hutasoit

Abstract

This research investigates security hotspots in the final projects of Del Institute of Technology students, particularly regarding the implementation of Model-View-Controller (MVC) principles using PHP Laravel. Security hotspots are proposed as a way to find patterns in sections of program code that could be possible vulnerabilities. Examples of security hotspots include misplacement of logic in the view instead of the controller, improper handling of file uploads in the controller, and various other errors. The results generated through this methodology offer insights into commonly overlooked vulnerable points in software development practices. The study includes an analysis of 16 students' final projects, for which data is collected and the controller and Blade files are separated. This plugin, a result of previous research, is useful for assisting in secure coding, detecting security indicators, and preventing vulnerabilities. Eight security hotspots are created to help detect vulnerabilities in the code. Each line of code is then examined to determine whether it matches each of the previously established security hotspots. Furthermore, we used a threshold of around 80% in this research, based on IBM standards. The results will be evaluated in terms of accuracy and F1 score, allowing for the identification of which security hotspots are most frequently encountered in student final projects. This research is expected to contribute to the improvement of programming standards and security practices in software engineering, providing a better understanding for educators and developers.


Article Details

How to Cite
Analysis of Security Hotspots in Diploma 3 Information Technology Program’s Final Project at Del Institute of Technology. (2024). ASTEEC Conference Proceeding: Computer Science, 1(1), 111-115. https://www.proceedings.asteec.com/index.php/acp-cs/article/view/18
Section
Articles
