Development of a Pattern-Based SQL Injection Detection System Using Regular Expressions with Real-Time Scanning for Web Applications
Abstract
This article develops a web-based SQL Injection detection system using the Regular Expression (RegEx) method as a lightweight and cost-effective approach to early vulnerability detection. Its novelty lies in the design and implementation of 110 RegEx patterns classified into six categories of SQL Injection attacks (Error-Based, Union-Based, Boolean-Based, Stacked Query, Time-Based, and Authentication Bypass), integrated into a real-time web-based scanning system. The system is developed using the Waterfall model, with FastAPI for the backend and React for the frontend, and is enhanced with Role-Based Access Control (RBAC) and a visual dashboard for monitoring detection results. Unlike machine learning-based approaches, which require high computational resources and training datasets, the proposed method emphasizes efficiency and ease of implementation. Testing indicates that the system performs effectively: it achieved a 100% success rate across 25 Black Box testing scenarios, White Box testing produced a Cyclomatic Complexity value of 11, indicating that the system is maintainable, and user evaluation showed an average satisfaction score of 4.2 out of 5.0. This research contributes a structured, lightweight, and practical pattern-based SQL Injection detection approach that can be deployed as an early detection system to independently strengthen web application security.
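As an added illustration of the category-based RegEx scanning the abstract describes (example code written for this page, not the paper's own implementation or any of its 110 patterns), the following Python scanner uses a few constructed patterns per category; the category names follow the abstract, while the patterns, the `scan`/`scan_request` helpers and the sample inputs are assumptions.

```python
import re
from typing import Dict, List
from urllib.parse import unquote_plus

# Constructed illustrative signatures, a handful per category. A real deployment
# would carry a much larger, tuned list (the paper reports 110 patterns).
CATEGORY_PATTERNS: Dict[str, List[re.Pattern]] = {
    "authentication_bypass": [
        re.compile(r"'\s*or\s*'?\d+'?\s*=\s*'?\d+", re.I),  # ' or 1=1, ' or '1'='1
        re.compile(r"'\s*(--|#)"),                          # quote followed by a comment
    ],
    "union_based": [
        re.compile(r"\bunion\b\s+(all\s+)?\bselect\b", re.I),
    ],
    "boolean_based": [
        re.compile(r"\b(and|or)\b\s+\d+\s*=\s*\d+", re.I),  # and 1=1 / and 1=2
    ],
    "stacked_query": [
        re.compile(r";\s*(drop|delete|insert|update|exec|shutdown)\b", re.I),
    ],
    "time_based": [
        re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(", re.I),
        re.compile(r"\bwaitfor\s+delay\b", re.I),
    ],
    "error_based": [
        re.compile(r"\b(extractvalue|updatexml|convert|cast)\s*\(", re.I),
    ],
}


def scan(value: str) -> List[str]:
    """Return the sorted list of attack categories whose patterns match `value`.

    The value is URL-decoded first so encoded quotes and spaces are still seen.
    """
    decoded = unquote_plus(value)
    return sorted(cat for cat, pats in CATEGORY_PATTERNS.items()
                  if any(p.search(decoded) for p in pats))


def scan_request(params: Dict[str, str]) -> Dict[str, List[str]]:
    """Scan every request parameter and return only the flagged ones."""
    findings = {name: scan(val) for name, val in params.items()}
    return {name: cats for name, cats in findings.items() if cats}


if __name__ == "__main__":
    # Constructed sample request: one benign field, one suspicious field.
    sample = {"username": "alice", "password": "' OR '1'='1"}
    print(scan_request(sample))  # {'password': ['authentication_bypass']}
```

Signature lists of this kind trade recall for false positives on legitimate input that happens to contain SQL keywords, so allow-listing and per-field tuning belong alongside the pattern set rather than as an afterthought.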

