Artificial Intelligence, Statistics and Probability, Information Systems
Scopus Publications: 36
Scholar Citations: 493
Scholar h-index: 10
Scholar i10-index: 14
Scopus Publications
Benchmarking DevSecOps Pipelines: A Performance and Security Analysis of Laravel and CodeIgniter Muhammad Faki Raihan, Hermawan Setiawan Proceedings 2025 IEEE 2nd International Conference on Cryptography Informatics and Cybersecurity Icocics 2025, 2025 This study presents a comparative analysis of the performance and implementation of DevSecOps pipelines in two popular PHP frameworks, Laravel and CodeIgniter. To provide empirical data, two functionally identical web applications were developed and tested within a CI/CD pipeline orchestrated by Jenkins. The pipeline integrated SonarQube for Static Application Security Testing (SAST) and OWASP ZAP for Dynamic Application Security Testing (DAST) to automate security evaluations. The primary research goals were to measure pipeline execution time, compare resource consumption (CPU and memory), and analyze the detection effectiveness of the security tools on both frameworks. The results show that CodeIgniter is more efficient (execution time of 152 seconds vs. 167 seconds). However, both automated SAST and DAST tools failed to detect critical vulnerabilities without deep configuration, emphasizing the trade-off between efficiency and implementation effort. The main contribution of this study is empirical evidence demonstrating how a framework's architecture directly influences the trade-off between pipeline efficiency and the implementation effort required for meaningful security analysis, underscoring that automated tools are a baseline that requires intelligent human configuration to be truly effective.
Evaluation of Web Security and Performance in PHP Frameworks: A Case Study of Codeigniter 4 and Yii2 M. Dja’far Karzein Hafidz Yuntanozra, Hermawan Setiawan, I Komang Setia Buana Proceedings 2025 IEEE 2nd International Conference on Cryptography Informatics and Cybersecurity Icocics 2025, 2025 The selection of a framework is critical in web application development, especially for e-commerce systems that require both performance efficiency and strong data protection. This study compares two widely used PHP frameworks, CodeIgniter 4 and Yii2, by developing two identical e-commerce prototypes to ensure fair evaluation. Security testing was conducted using Dynamic Application Security Testing (DAST) tools, including OWASP ZAP and Wapiti3, to detect common vulnerabilities such as Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF). Performance testing was conducted using Apache Benchmark (ab), with a focus on requests per second (RPS), response time, and transfer rate. The results show that CodeIgniter 4 reported higher proportions of CSRF (19%) and XSS (59%) vulnerabilities compared to Yii2 with only 0.6% and 1%, respectively. Conversely, Yii2 showed more weaknesses in security header configurations, including the absence of Content Security Policy (24%) and missing anti-clickjacking headers (12%). In terms of performance, Yii2 achieved on average 12.9% higher RPS and 11.6% faster response times, while CodeIgniter 4 exhibited a transfer rate nearly 2.2 times greater. These findings highlight a trade-off between security and performance in framework selection. Yii2 is more suitable for applications that prioritize stronger default security, whereas CodeIgniter 4 is advantageous for systems that require higher data throughput.
Extended Self-Adaptive Honey Encryption (XSHE) for User Authentication Scheme Using a Generative Adversarial Network (GAN) Adek Muhammad Zulkham RK, Girinoto, Herman Kabetta, Hermawan Setiawan Proceedings 2025 IEEE 2nd International Conference on Cryptography Informatics and Cybersecurity Icocics 2025, 2025 Robust user authentication is essential for safeguarding privacy and restricting system access to authorized personnel. Although password-based authentication remains a standard and cost-effective method, it continues to be vulnerable to malicious attacks. Existing enhancements, such as honey encryption and honeywords, seek to complicate password guessing; however, they still possess vulnerabilities related to genuine passwords. To overcome these limitations, this study proposes Extended Self-Adaptive Honey Encryption (XSHE), an innovative user authentication methodology. XSHE utilizes the PassGAN model to generate highly realistic synthetic passwords, further enhancing adaptability and real-time threat response, thus reducing dependence on actual user passwords and alleviating risks associated with conventional attacks. We have implemented and evaluated XSHE within a Python-based password authentication system. The results demonstrate that the seamless integration of PassGAN on the login interface significantly enhances the security of the password database and improves the detection of password-cracking attempts, thereby contributing to a more resilient authentication framework.
Beyond Static Analysis: Detecting SQL Injection via Context-Aware Code Review in Web Applications Christopher Ralin Anggoman, Rakha Maulana, Hermawan Setiawan, Muhammad Aqil Nuur Al-Farabi Proceedings 2025 IEEE 2nd International Conference on Cryptography Informatics and Cybersecurity Icocics 2025, 2025 Static analysis tools are widely integrated into modern software development pipelines to assist in detecting security vulnerabilities. However, these tools often fall short when addressing context-sensitive issues such as SQL Injection (SQLi), particularly in applications with dynamic query construction and complex data flows. This study introduces a structured, context-aware manual code review methodology designed to identify SQLi vulnerabilities commonly missed by static analyzers. The process includes input tracing, propagation analysis, verification of sanitization mechanisms, and control flow assessment. The proposed approach was applied to a widely used open-source library management system deployed in educational institutions in Indonesia. Four critical SQLi vulnerabilities were identified, successfully validated using time-based blind SQLi techniques with SQLMap, and formally registered under the CVE program. Neither DeepSource nor SonarCloud, under default configurations, detected any of these flaws, yielding a detection coverage of 0 percent. Beyond reporting these vulnerabilities, the study provides a new insight: manual context-aware review can detect context-sensitive SQLi that are consistently missed by automated tools. This finding underscores the indispensable role of human-in-the-loop auditing in uncovering real-world vulnerabilities and highlights the limitations of relying solely on automated static analysis in secure software development lifecycles.
Optimization of MLP-Regressor for Predicting Student's Cumulative Grade Point Average (GPA) Hermawan Setiawan, Ihsan Fadli Tampati, I Gede Maha Putra, Girinoto Icsintesa 2024 2024 4th International Conference of Science and Information Technology in Smart Administration the Collaboration of Smart Technology and Good Governance for Sustainable Development Goals, 2024 In the digital age, vast amounts of data offer opportunities to enhance student outcomes and achieve sustainable educational goals. Educational institutions aim to identify factors influencing academic performance and predict exam scores to provide tailored support to students in need. Educational Data Mining (EDM) techniques enable in-depth analysis of students’ historical data. Prior research has identified factors such as learning methods, study environment, parental involvement, and pressure as significant influencers of academic achievement. This study takes a novel approach by training a deep learning model on historical cumulative GPA data from Politeknik Siber dan Sandi Negara using regression to accurately predict cumulative GPA. The model is implemented in a web application, alerting educators to students at risk of declining cumulative GPA. The Multi-layer Perceptron (MLP) regressor is employed for training and evaluation, yielding optimized configurations for the number of neurons, hidden layer depth, and Adam optimizer with constant learning rate. Evaluation results using MSE, RMSE, MAE, R-squared, and Breusch-Pagan Test show that the model has good performance. Future research could focus on expanding the dataset to achieve greater predictive accuracy thereby empowering institutions to offer targeted support to students in need.
Implementation of Game-Based Learning to Enhance Security Awareness Against Child Cyber Grooming Attacks Fikra Amalia Raihana, Hermawan Setiawan, Herman Kabetta, Nurul Qomariasih 2024 8th International Conference on Information Technology Information Systems and Electrical Engineering Icitisee 2024, 2024 Online Gender-Based Violence (OGBV) has become an urgent concern with the rising cases of OGBV, especially during the Covid-19 pandemic. One alarming form of OGBV is cyber grooming, particularly child cyber grooming, which often targets children who lack adequate knowledge about safe internet use. Education is a crucial key in combating child cyber grooming crimes. This research aims to design a game-based learning application as an educational medium to enhance children's understanding of child cyber grooming crimes through the application of the Digital Game-Based Learning Instructional Design (DGBL-ID) method. DGBL-ID is chosen because its development stages focus not only on game design but also on instructional design. The application will be tailored to the needs of young children, making it expected to effectively convey concepts according to their needs and understanding. The application will be tested using the User Acceptance Test (UAT) approach to ensure its usability as an educational medium. The effectiveness of the application in enhancing early childhood knowledge will be measured using the One-Group Pre-test Post-test method and analyzed with the Wilcoxon Test. The research results show that the use of educational game applications in this study can make a significant contribution to increasing children's understanding of child cyber grooming crimes. Educational game media is an interesting and beneficial learning tool for children to understand the risks and necessary preventive actions for safe internet use.
Code Obfuscation in CI/CD Pipelines for Enhanced DevOps Security Angelita Salsabila Afifah, Herman Kabetta, I Komang Setia Buana, Hermawan Setiawan 2024 International Conference on Artificial Intelligence Blockchain Cloud Computing and Data Analytics Icoabcd 2024, 2024 In recent years, DevOps (Development and Operations) has become an essential part of the software industry, offering practices that enable quick, reliable, and high-quality software delivery. The business world's increasing demand for speed and expertise has highlighted the need for DevOps methods that streamline development stages without compromising software quality. Concurrently, security breaches such as data leaks necessitate addressing security threats in software, especially in the DevOps process. It has led to integrating security into DevOps, termed DevSecOps, which enhances software quality by embedding security principles. CI/CD, a DevOps practice, involves continuous integration, delivery, and code deployment. Continuous Deployment ensures software stability through automated testing before server deployment. The main goal of this research is to overcome source code hijacking attempts while in the CI/CD pipeline; even if it happens, the source code will not be easy to read and prevent the possibility of being modified by unauthorized users; technical protection via obfuscation is essential. This research proposes using the Blowfish encryption algorithm for code obfuscation in the CI/CD pipeline. Blowfish is preferred due to its shorter encryption/decryption times. This automated code obfuscation mechanism, implemented in the CI/CD pipeline using GitHub Actions, aims to develop secure systems by making the source code more difficult to understand, ensuring secure Continuous Deployment.
A Design for Comprehensive Information System Management Framework Integrating Secure Software Development, Resource Management, and Real-Time Monitoring Herlambang Rafli Wicaksono, Ihsan Fadli Tampati, Nathanael Berliano Novanka Putra, Hermawan Setiawan, Dimas Rifqi Firmansyah Proceedings International Conference on Informatics and Computational Sciences, 2024 This paper proposes a holistic framework for the development, management, and monitoring of secure web information systems. Emphasizing a secure software development life cycle (SDLC), resource management, and real-time monitoring, the framework aims to standardize and enhance the process of web application development while prioritizing security at every phase. The framework incorporates threat modeling during planning and design, security guidelines during implementation, and continuous vulnerability scanning. Additionally, it integrates resource management to ensure effective allocation of human, hardware, and software resources. Tools are employed for real-time monitoring, providing usage insights that inform managerial decisions. The proposed framework strives to create a comprehensive approach to web application development that is both secure and well-managed. The implementation results demonstrate the proposed framework’s effectiveness in simplifying development, optimizing resources, and enhancing security for web applications. Furthermore, compared to the secure software development lifecycle (SSDLC) framework, it offers advantages in resource management and real-time monitoring, rendering it more comprehensive.
SocengGo: Social Engineering Educational Application Based on Attack-Defense Multiplayer Card Game Fadel Azzahra, Nurul Qomariasih, Herman Kabetta, Hermawan Setiawan, Rheva Anindya Wijayanti, Taqiya Nabilla Nathania Afnani Proceedings International Conference on Education and Technology ICET, 2024 Social engineering is still considered one of the most threatening attacks in the digital world. One of the best defenses against social engineering starts with education. Since it is important to present education in an engaging way, this research proposes an educational application with an attack-defense card game concept for social engineering education, namely SocengGo. The application applies the multiplayer concept to address the collaborative learning challenge in Education 4.0. The card game flow adopts the Cangkulan and UNO card games. The cards in the game consist of attack elements that describe social engineering techniques, defense elements that describe preventive measures for certain social engineering techniques, and the value of the effectiveness of defense elements against attack elements. The application can be accepted by users with the User Acceptance Index criteria of reaching ‘very acceptable’ and receiving a ‘positive’ response from application users, especially on the multiplayer concept which is promoted with value. This application has also been proven to be able to increase understanding of social engineering techniques and preventive steps.
Enhancing Data Governance and Personal Data Protection: A Strategic Review for Cases in Indonesia Raden Budiarto, I Komang Setia Buana, Herman Kabetta, Hermawan Setiawan, Girinoto, Nurul Qomariasih Proceedings 6th International Conference on Informatics Multimedia Cyber and Information System Icimcis 2024, 2024 This paper examines the state of data governance in developed countries and its application in Indonesia. The study explores the mechanisms used by developed countries, including comprehensive data protection laws, independent regulatory authorities, and established data governance frameworks. It also discusses how data-sharing initiatives drive innovation, economic growth, and enhanced data utilization in these countries. In Indonesia, data governance regulations are outlined in the Personal Data Protection (PDP) law and government regulations on system operators and electronic transactions. The paper presents the results of a PESTLE analysis, which indicates favorable political, economic, social, technological, environmental, and legal factors for data governance in Indonesia. However, challenges such as weak data sovereignty, lack of public awareness, and incomplete regulations must be addressed. A SWOT analysis highlights strengths, such as a growing digital economy and government commitment to privacy and data protection, and weaknesses, such as the absence of a personal data protection commission and incomplete regulations. This paper concludes with recommendations for the Indonesian government and society to strengthen data sovereignty, establish a dedicated regulatory body, enhance public awareness, develop comprehensive data governance frameworks, foster collaboration, and improve data security measures. Implementing these recommendations will enable Indonesia to establish a robust data governance ecosystem that protects individual privacy, attracts foreign investment, and drives the growth of the digital economy.
Comparison of LSTM Architecture for Malware Classification Girinoto, Hermawan Setiawan, Prasetyo Adi Wibowo Putro, Yogha Restu Pramadi Proceedings 2nd International Conference on Informatics Multimedia Cyber and Information System Icimcis 2020, 2020
Security Testing on File Upload Web Applications Based on the Yii 2 Framework R Setyawan, RA Wijayanti, H Setiawan Info Kripto 20 (1), 23-33, 2026
Meta-analytical model of the relationship between learning motivation, self-efficacy, and academic achievement in online learning H Setiawan, W Widodo, M Lapasau, SA Wahid, A Musliman Jurnal Konseling dan Pendidikan 13 (4), 96-114, 2025 Citations: 1
Beyond Static Analysis: Detecting SQL Injection via Context-Aware Code Review in Web Applications CR Anggoman, R Maulana, H Setiawan, MAN Al-Farabi 2025 IEEE 2nd International Conference on Cryptography, Informatics, and …, 2025
Benchmarking DevSecOps Pipelines: A Performance and Security Analysis of Laravel and CodeIgniter MF Raihan, H Setiawan 2025 IEEE 2nd International Conference on Cryptography, Informatics, and …, 2025
Evaluation of Web Security and Performance in PHP Frameworks: a Case Study of Codeigniter 4 and Yii2 MDKH Yuntanozra, H Setiawan, IKS Buana 2025 IEEE 2nd International Conference on Cryptography, Informatics, and …, 2025
Extended Self-Adaptive Honey Encryption (XSHE) for User Authentication Scheme Using a Generative Adversarial Network (GAN) AMZ RK, H Kabetta, H Setiawan 2025 IEEE 2nd International Conference on Cryptography, Informatics, and …, 2025
Spaticrypt: Platform Edukasi Kriptografi Berbasis Web dengan Konsep Gamifikasi Capture-the-Flag dan Integrasi Chatbot Kecerdasan Buatan sebagai Asisten Virtual MF Sugiyarto, RN Yasa, G Girinoto, H Setiawan, HR Wicaksono Info Kripto 19 (1), 39-47, 2025 Citations: 2
DASAR DASAR M DEPAN Dasar Dasar Data Mining: Konsep, Teknik Dan Aplikasi, 172, 2025
Design and Build a Research Information System at National Cyber and Crypto Polythecnic with Recommender System for Thesis Supervisor Based on Text Similarity Metric RA Wijayanti, RR Hanaputra, H Setiawan, RN Yasa, J Lumbantoruan, ... JEEMECS (Journal of Electrical Engineering, Mechatronic and Computer Science …, 2025 Citations: 1
Rancang Bangun Aplikasi Surat Izin Sekolah Berbasis Web Menggunakan Metode WDLC H Setiawan, IS Tsany Info Kripto 18 (3), 105-109, 2024 Citations: 1
Enhancing Data Governance and Personal Data Protection: A Strategic Review for Cases in Indonesia R Budiarto, IKS Buana, H Kabetta, H Setiawan, N Qomariasih 2024 International Conference on Informatics, Multimedia, Cyber and …, 2024 Citations: 1
Rancang Bangun Model Pengasuhan pada Sistem Informasi Akademik Universitas XYZ berbasis RESTful Web service IKS Buana, MU Simanjuntak, H Setiawan SEMNASTERA (Seminar Nasional Teknologi dan Riset Terapan) 6, 169-176, 2024
Evaluasi Usability Pada Aplikasi Matahari Mall Dengan Metode Think Aloud Dan System Usability Scale A Salsabila, MU Simanjuntak, H Setiawan Journal of Information Systems Management and Digital Business 2 (1), 18-28, 2024 Citations: 8
SocengGo: Social Engineering Educational Application Based on Attack-Defense Multiplayer Card Game F Azzahra, N Qomariasih, H Kabetta, H Setiawan, RA Wijayanti, ... 2024 10th International Conference on Education and Technology (ICET), 118-123, 2024 Citations: 2
Evaluasi Dan Perancangan User Experience Pada Aplikasi Cove Menggunakan Ux Honeycomb WW Sejati, E Sibagariang, H Setiawan Computer Based Information System Journal 12 (2), 29-39, 2024 Citations: 1
Implementation of game-based learning to enhance security awareness against child cyber grooming attacks FA Raihana, H Setiawan, H Kabetta, N Qomariasih 2024 8th International Conference on Information Technology, Information …, 2024 Citations: 8
Penilaian Risiko Secure Software Development Life Cycle pada Sistem Informasi Senat Mahasiswa Perguruan Tinggi XYZ Menggunakan Metode OWASP H Setiawan, MN Ghiffari Info Kripto 18 (2), 57-65, 2024
Human-Computer Interaction Enhancement for Linux Cli Application using Telegram Bot Piping H Wicaksono, F Azzahra, H Setiawan SAINTEKBU 16 (02), 71-79, 2024
Code Obfuscation in CI/CD Pipelines for Enhanced DevOps Security AS Afifah, H Kabetta, IKS Buana, H Setiawan 2024 International Conference on Artificial Intelligence, Blockchain, Cloud …, 2024 Citations: 4
MOST CITED SCHOLAR PUBLICATIONS
Buku Ajar Metodologi Penelitian Kuantitatif & Aplikasi Pengolahan Analisa Data Statistik H Hildawati, L Suhirman, BF Prisuna, L Husnita, B Mardikawati, S Isnaini, ... PT. Sonpedia Publishing Indonesia, 2024 Citations: 65
Pemasaran Digital di Era Society 5.0: Transformasi Bisnis di Dunia Digital I Ifadhila, AY Rukmana, E Erwin, LPRA Ratnaningrum, M Aprilia, ... PT. Sonpedia Publishing Indonesia, 2024 Citations: 45
Face anti-spoofing using CNN classifier & face liveness detection RB Hadiprakoso, H Setiawan 2020 3rd International Conference on Information and Communications …, 2020 Citations: 37
Vulnerability analysis using the interactive application security testing (iast) approach for government x website applications H Setiawan, LE Erlangga, I Baskoro 2020 3rd International Conference on Information and Communications …, 2020 Citations: 29
Design of information security risk management using ISO/IEC 27005 and NIST SP 800-30 revision 1: A case study at communication data applications of XYZ institute H Setiawan, FA Putra, AR Pradana 2017 International Conference on Information Technology Systems and …, 2017 Citations: 26
Teknologi big data: Pengantar dan penerapan teknologi big data di berbagai bidang APS Iskandar, H Setiawan, L Judijanto, GS Mahendra, M Ardi, NAR Putri, ... PT. Green Pustaka Indonesia, 2024 Citations: 17
Comparison of LSTM architecture for malware classification H Setiawan, PAW Putro, YR Pramadi 2020 international conference on informatics, multimedia, cyber and …, 2020 Citations: 15
Text preprocessing for optimal accuracy in Indonesian sentiment analysis using a deep learning model with word embedding RB Hadiprakoso, H Setiawan, RN Yasa, Girinoto AIP Conference Proceedings 2680 (1), 020050, 2023 Citations: 12
Designing and building secure electronic medical record application by applying AES-256 and RSA digital signature G Wening Werdi Mukti, H Setiawan IOP Conference Series: Materials Science and Engineering 852 (1), 012148, 2020 Citations: 12
Penerapan sistem antrian sebagai upaya mengoptimalkan pelayanan terhadap pasien pada loket pengambilan obat di puskesmas cicurug sukabumi jawa barat B Ruswandi Skripsi Fakultas Sains dan Teknologi Universitas Islam Negeri Syarif …, 2006 Citations: 11
Classification of personality type based on twitter data using machine learning techniques H Setiawan, AA Wafi 2020 3rd International conference on information and communications …, 2020 Citations: 10
Implementation of SHA-256 and AES-256 for securing digital Al Quran verification system AS Dewi, H Setiawan 2019 Fourth International Conference on Informatics and Computing (ICIC), 1-8, 2019 Citations: 10
Design of secure electronic disposition applications by applying blowfish, SHA-512, and RSA digital signature algorithms to government institution H Setiawan, KR Citra 2018 International Seminar on Research of Information Technology and …, 2018 Citations: 10
Pengaruh penerapan layanan marketing syariah dan kepuasan pelanggan terhadap loyalitas pelanggan: rumah makan Wong Solo Cabang Tebet I Farida UIN Syarif Hidayatullah Jakarta: Fakultas Syariah dan Hukum, 2011, 2011 Citations: 10
Design and development of information sharing and analysis center (ISAC) as an information sharing platform IM Sholihah, H Setiawan, OG Nabila 2021 Sixth International Conference on Informatics and Computing (ICIC), 1-6, 2021 Citations: 9
Evaluasi Usability Pada Aplikasi Matahari Mall Dengan Metode Think Aloud Dan System Usability Scale A Salsabila, MU Simanjuntak, H Setiawan Journal of Information Systems Management and Digital Business 2 (1), 18-28, 2024 Citations: 8
Implementation of game-based learning to enhance security awareness against child cyber grooming attacks FA Raihana, H Setiawan, H Kabetta, N Qomariasih 2024 8th International Conference on Information Technology, Information …, 2024 Citations: 8
Analysis of sql injection attack detection and prevention on mysql database using input categorization and input verifier AAS Arif, R Purwoko, N Qomariasih, H Setiawan 2022 IEEE 8th Information Technology International Seminar (ITIS), 190-194, 2022 Citations: 8
Pemrograman Terstruktur IKS Buana, H Setiawan, PAW Putro Syiah Kuala University Press, 2022 Citations: 8
Optimization of MLP-Regressor for Predicting Student’s Cumulative Grade Point Average (GPA) H Setiawan, IF Tampati, IGM Putra 2024 4th International Conference of Science and Information Technology in …, 2024 Citations: 7