Implementing Endpoint Security in Web Applications Using Node.js and Middleware Techniques

Authors

  • Bagas Dwi Riyanto Pamo STMIK Profesional Makassar
  • Muhammad Aldi Saputra STMIK Profesional Makassar
  • Suardi B Haruna STMIK Profesional Makassar

DOI:

https://doi.org/10.70248/jcsit.v2i3.2724

Abstract

Endpoint security is a crucial aspect of modern web application development, especially for API services that serve as the main gateway between client and server. This study aims to design and implement an endpoint security system using a modular approach based on Node.js and Express.js. Several security features are applied, including JSON Web Token (JWT) based authentication, a token verification middleware, request rate limiting using express-rate-limit, and baseline security configuration with Helmet and CORS. The research method covers the stages of application design, implementation of the security features, testing with Postman, and analysis of the server's responses to various access scenarios. The results show that the system is able to reject unauthorized requests, limit excessive access, and protect the application from common HTTP-based attacks. The implemented security middleware works effectively in combination without significantly degrading system performance. With a simple and replicable approach, this study makes a practical contribution for developers building secure web applications. The results also demonstrate that combining several security middlewares increases the resilience of endpoints against various kinds of cyber threats.


Published

2025-06-30

Issue

Section

Articles