Hasil Pencarian  ::  Simpan CSV :: Kembali

"DevOps for developers delivers a practical, thorough introduction to approaches, processes and tools to foster collaboration between software development and operations. Efforts of Agile software development often end at the transition phase from development to operations. This book covers the delivery of software, this means “the last mile”, with lean practices for shipping the software to production and making it available to the end users, together with the integration of operations with earlier project phases (elaboration, construction, transition). DevOps for developers describes how to streamline the software delivery process and improve the cycle time (that is the time from inception to delivery). "

"SQL Injection adalah salah satu jenis serangan yang paling sering terjadi pada aplikasi berbasis web. Serangan ini pada umumnya terjadi karena minimnya validasi dari sisi input pada aplikasi. Meskipun penyebab terjadinya SQL Injection telah banyak diketahui, sayangnya serangan ini masih menjadi salah satu kerentanan yang sering muncul aplikasi. Penggunaan tools SAST yang digunakan selama ini seringkali tidak dapat mendeteksi adanya kerentanan SQL Injection di dalam source code, khususnya aplikasi yang menggunakan framework. Selain itu, proses pengujian yang berulang-ulang juga menjadi kesulitan tersendiri bagi tim pengembang dan keamanan aplikasi. Penelitian ini mengusulkan metode untuk mendeteksi kerentanan SQL Injection pada framework CodeIgniter.Penelitian ini dilakukan dengan menggunakan studi kasus aplikasi berbasis PHP di instansi XYZ, khususnya pada aplikasi yang menggunakan framework CodeIgniter 3. Metode yang digunakan dalam tesis ini adalah dengan mengembangkan tool dengan nama SQLI-SA yang dapat mendeteksi kerentanan SQL Injection dengan metode static analysis. Tool ini dapat berjalan secara stand alone ataupun terintegrasi dengan platform DevOps. SQLI-SA dapat mendeteksi kerentanan SQL Injection dengan tingkat akurasi sebesar 88.8% dan dapat memberikan informasi kepada tim pengembang untuk memperbaiki source code yang terdeteksi rentan terhadap SQL Injection melalui dashboard monitoring.

---

SQL Injection is one of the most common types of attack on web-based applications. This attack generally occurs due to the lack of validation from the input side of the application. Even though the causes of SQL Injection are widely known, unfortunately, this attack is still one of the most common vulnerabilities in applications. The use of SAST tools used so far often cannot detect SQL Injection vulnerabilities in the source code, especially applications that use frameworks. In addition, the repeated testing process is also a challenge for the development team and application security. This study proposes a method for detecting SQL Injection vulnerabilities in the CodeIgniter framework.

This research was conducted using a PHP-based application case study at the XYZ agency, especially in applications that use the CodeIgniter 3 framework. The method used in this thesis is to develop a tool called SQLI-SA that can detect SQL Injection vulnerabilities using the static analysis method. This tool can run stand-alone or integrated with the DevOps platform. SQLI-SA can detect SQL Injection vulnerabilities with an accuracy rate of 88.8% and can provide information to the development team to fix source code that is detected as vulnerable to SQL Injection through the monitoring dashboard."

"Proses pengembangan perangkat lunak tidak hanya terdiri dari tugas pengembangannya saja, melainkan terdapat juga tugas-tugas yang bersifat operasional terkait proses DevOps dan IT Ops. Tugas-tugas tersebut secara tradisional dilakukan dengan cara manual, akan tetapi proses tersebut berlangsung cukup lama dan sifatnya yang berulang, manual, dan tidak memiliki nilai tambah pada aplikasi disebut toiling works yang berdampak buruk pada produktivitas pengembang perangkat lunak. Proses pengerjaan tugas yang manual tersebut berpotensi besar melanggar least privilege principle dimana pelaksana tugas hanya boleh diberikan akses ke sumber daya yang memang diperlukan saja karena pelaksana tugas diberikan akses penuh ke sebuah shared jump host server. Solusi ChatOps sebagai model kolaborasi dimana pekerjaan dilakukan di dalam aplikasi chat berpotensi untuk menyelesaikan dua masalah tersebut dalam pelaksanaan tugas DevOps dan IT Ops. Implementasi dari solusi ChatOps ini dilakukan pada tiga buah tugas dari tahap requirements gathering menggunakan Slack sebagai aplikasi chat dan Semaphore Ansible sebagai tasks handler. Pengujian dilakukan dengan membandingkan solusi ChatOps dengan metode manual dengan tiga buah parameter yaitu waktu untuk menjalankan tugas, waktu sampai tugas selesai, dan keamanan berdasarkan least privilege principle. Hasil pengujian menunjukkan solusi ChatOps lebih unggul dari metode manual dari sisi waktu dan berpotensi menerapkan least privilege principle yang lebih baik.

---

Software development process comprises of development tasks and operational tasks mostly related to DevOps and IT Ops. Operational tasks are usually done manually but since it happens oftenly and have no enduring value, it is a toiling work that wastes time. The process that is done manually may also violate least privilege principle since full access to a server is usually given. ChatOps as a collaboration model where work is done inside the chat application has a potential to solve those two issues in doing DevOps and IT Ops related tasks. The implementation of ChatOps as a solution is done with three tasks as a subject based on the requirements gathering results done in this research. Technologies used are Slack as the chat application and Semaphore Ansible as the tasks handler. Evaluation is done by comparing ChatOps solution with the manual method by using three parameters: the time needed to execute the task, the time needed until the task is finished, and the security analysis based on 2 least privilege principle. Evaluation results showed that the ChatOps solution requires less time than the manual method and able to implement better security in terms of better implementation of least privilege principle."

"This book provides critical knowledge for any developer engaged in delivering the business and software engineering goals required to create and operate a large-scale production website. It addresses how developers can collaborate effectively with business and engineering teams to ensure applications are smoothly transitioned from product inception to implementation, and are properly deployed and managed. This book provides unique insights into how systems, code, and process can all work together to make large-scale website development and operations ultra-efficient."

"Foundation version control for web developers explains how version control works, what you can do with it and how. Using a friendly and accessible tone, you will learn how to use the three leading version control systems, subversion, git and mercurial, on multiple operating systems. The history and integral concepts of version control are covered so that you will gain a thorough understanding of the subject, and why it should be used to manage all changes in web development projects. Topics covered include, how to choose the correct software for your needs, creating and working with repositories, understanding trunks, branches, hooks, conflicts and merging, setting up respository servers and integrating with Apache, and using terminal, and understanding alternatives."

"Banyak pesaing membuat PT Asuransi XYZ harus adaptif dan cepat dalam menyediakan layanan aplikasi yang baik kepada pelanggan. Perusahaan ini sudah banyak melakukan perubahan baik dari struktur organisasi hingga budaya khususnya dalam software development yang sudah mengadopsi Agile dan DevOps. Namun pada kenyataannya masih besar keterlambatan waktu penyebaran pada aplikasi. Melalui permasalahan menjelaskan bahwa ada permasalahan dari sisi people yakni developer yang masih memiliki mindset individual. Menjawab permasalahan tersebut dengan Budaya DevOps bahwa developer tidak hanya memikirkan tentang coding namun bagaimana product ini dapat di production dengan cepat. Penulis melakukan studi literatur terhadap teori DevOps dengan berlandaskan model yang dibuat oleh Luz (2019) dan teori lainnya. Kemudian memetakan kondisi saat ini berdasarkan hasil studi literatur yang telah dibuat melalui kuesioner. Berdasarkan kondisi tersebut dipilih yang tidak memenuhi threshold untuk diberikan rekomendasi. Rekomendasi diberikan validasi terhadap teori DevOps, kemudian di lanjutkan validasi dengan orang expert dan yang terakhir validasi dengan orang internal. Rekomendasi budaya meliputi deployment dilakukan lebih sering dan tidak perlu menunggu waktu khusus, tim pengembang perlu mengetahui bagaimana proses yang ada pada bagian operasi, tim operasi perlu memberikan feedback kepada tim pengembang dan memiliki rasa kepercayaan (trust) antara tim pengembang dan tim operasi.

---

The highly competitive insurance industry has forced PT Asuransi XYZ to be more adaptive to changes and fast in providing good application services to customers. To stay ahead of the competition, PT Asuransi XYZ introduced changes to both organizational structure and the entire company work culture. The key steps were to adopt Agile and DevOps. Previously, there was considerable delay in the deployment time of the applications. DevOps comes from a train of thought, where developers not only think about coding but also how the product can be released to production quickly. Researchers conducted a literature study on the DevOps theory based on the model created by Luz (2019) and other theories. Then they mapped the current conditions based on the results of literature studies that have been made through a questionnaire. Based on these conditions, those who did not meet the threshold were chosen to be given a recommendation. Recommendations are validated against the DevOps theory, then proceeded with validation by expert people and finally validated by internal people. Cultural recommendations include very frequent deployments and drastically cut-short the development to release time. The development team should be aware of the process in the operations section, the operations team needs to provide regular feedback back to the development team. Both teams need to have a sense of trust between them to achieve the goal."

"Perusahaan penyedia teknologi telekomunikasi XYZ memiliki sistem informasi yang dibangun secara in-house, outsource, dan subscription untuk menjalankan aktivitas bisnis sehari-hari. Digital Project Management (DPM) merupakan salah satu sistem informasi yang dikembangkan secara in-house. DPM terbagi atas 3 sub-modul, salah satunya adalah Bill of Quantity and Material (BAM). BAM merupakan sistem supply chain management yang mencakup perencanaan sumber daya hingga logistik. Unit BAM mengharapkan bisnisnya untuk terus berkembang, memperluas pangsa pasar, dan menjaga kepercayaan pemangku kepentingan yang dimilikinya saat ini. Namun dalam mencapai harapan tersebut, unit BAM menghadapi kendala tidak dapat mencapai target waktu pengembangan yang telah ditetapkan. Salah satu penyebab dari kendala ini adalah tidak adanya kolaborasi antar tim pengembang dan tim operasional dalam BAM. Dalam menjawab permasalahan tersebut, dilakukan penelitian untuk menyusun rekomendasi yang dapat membantu menjawab permasalahan yang dihadapi oleh BAM dengan mengadopsi konsep DevOps. Penelitian ini berjenis applied research serta metode analisis data yang digunakan adalah explanatory sequential mixed-methods. Berdasarkan hasil penelitian, dari 28 konsep adopsi DevOps, 21 konsep dapat diaplikasikan di unit BAM. Rekomendasi untuk menjawab permasalahan yang dihadapi oleh unit BAM disusun berdasarkan konsep-konsep tersebut. Rekomendasi ini terdiri atas lima kategori, yaitu perubahan pola pikir (mindset change), perubahan proses pengembangan (development process change), peningkatan proses berbagi (sharing enhancement), perubahan keorganisasian (organizational change), serta pembuatan DevOps pipeline. Rancangan DevOps pipeline ini telah melewati proses validasi oleh project manager dan Global ICT DevOps Engineer.

---

Telecommunication technology provider company XYZ has an information system which was built by in-house, outsourced, or subscription to carry out daily business activities. Digital Project Management (DPM) system is one of the information systems developed in-house. DPM is divided into 3 sub-modules, one of which is the Bill of Quantity and Material (BAM). BAM is a supply chain management system that includes resource planning up to logistics. BAM unit expects its business to grow, expand market share, and maintain the trust of current stakeholders. But in achieving these expectations, BAM unit faces problem of not being able to achieve the development time targets that had been set. One of the causes of this problem is the absence of collaboration between developer teams and operation team in BAM unit. In answering these problems, research was conducted to develop recommendations that can help answer the problems faced by BAM unit by adopting the concept of DevOps. This research is characterized as applied research and the data analysis method is explanatory sequential mixed-methods. Based on the results of the study, from 28 concepts of DevOps adoption, BAM unit can apply 21 concepts. Recommendation to answer the problems faced by BAM unit were built based on these concepts. The recommendation is categorized into 5 categories, which are mindset change, development process change, sharing enhancement, organizational change, and creating a DevOps pipeline. The DevOps pipeline design has passed the validation process by the project manager and the Global ICT DevOps Engineer."

"This book explains not only the design decisions of the frameworks, but also how you can apply similar designs and techniques to your own code. This book takes great care in covering every inch of Spring MVC and Spring Web Flow to give you the complete picture. Along with all the best known features of these frameworks. You’ll also learn how to correctly and safely extend the frameworks to create customized solutions. This book is for anyone who wishes to write robust, modern, and useful web applications with the Spring Framework."

"With Pro Spring 3, you’ll learn Spring basics and core topics, and gain access to the authors’ insights and real–world experiences with remoting, Hibernate, and EJB. Beyond the basics, you'll learn how to leverage the Spring Framework to build various tiers or parts of an enterprise Java application like transactions, the web and presentations tiers, deployment, and much more. A full sample application allows you to apply many of the technologies and techniques covered in this book and see how they work together."