Published: 2026-04-20
Design and Development of a Vulnerability Simulation-Based Cybersecurity Training Platform for Secure Programming
DOI: 10.35870/ijsecs.v6i1.6809
Habib Nurfaizal, Afrizal Zein
Abstract
The increasing number of attacks on web applications necessitates strengthening secure programming competencies among computer science students. However, cybersecurity learning is often constrained by ethical and legal limitations, as direct testing on real-world systems is not permissible. This study designed and implemented a web-based cybersecurity training platform that provides a simulated vulnerability environment for secure programming practice. The methodology covers learning needs analysis, system design, vulnerability module implementation, and integration of defensive coding features. The platform operates as an online virtual laboratory accessible via www.kampuscyber.unaux.com, with modules addressing SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), File Upload Vulnerability, Insecure Direct Object Reference (IDOR), Command Injection, Directory Traversal, Weak Authentication, and Insecure Cookie handling. Each module maps programming errors directly to their security consequences, paired with defensive coding solutions. The evaluation involved 15 students enrolled in a cybersecurity training program. Across 10 modules, students achieved a 79.33% success rate in completing exploitation tasks and 65.33% in providing secure programming solutions — a gap that points to the greater difficulty of defensive over offensive competency. These findings indicate that the platform offers a safe and controlled environment for web vulnerability learning and mitigation practice, and may serve as an ethical alternative for practice-based secure programming education without exposing real-world systems to risk.
Keywords
Secure Programming; Cybersecurity; Vulnerability; Virtual Laboratory; Defensive Coding
Peer Review Process
This article has undergone a double-blind peer review process to ensure quality and impartiality.
Article Information
This article has been peer-reviewed and published in the International Journal Software Engineering and Computer Science (IJSECS). The content is available under the terms of the Creative Commons Attribution 4.0 International License.
- Issue: Vol. 6 No. 1 (2026)
- Section: Articles
- Published: 2026-04-20
- License: CC BY 4.0
- Copyright: © 2026 Authors
- DOI: 10.35870/ijsecs.v6i1.6809

This work is licensed under a Creative Commons Attribution 4.0 International License.