The latest articles on Forem by ahmadasroni38 (@ahmadasroni38). https://forem.com/ahmadasroni38 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F649056%2Fe7493e8f-1f10-4d6e-b78e-20ea6e985f6c.jpg https://forem.com/ahmadasroni38 en ahmadasroni38 Mon, 09 Feb 2026 02:31:42 +0000 https://forem.com/ahmadasroni38/the-future-of-mobile-computing-435e https://forem.com/ahmadasroni38/the-future-of-mobile-computing-435e <h2> <strong>Introduction: The Phone in Your Pocket Is Just the Beginning</strong> </h2> <p>The mobile phone you carry today is <strong>not the final form</strong> of mobile computing. It is a <strong>transitional device</strong> — powerful, but temporary.</p> <p>In the last 15 years, mobile computing evolved from <strong>making calls</strong> to <strong>running our entire lives</strong>. The next 10 years will bring changes even more dramatic.</p> <p>As students, you need to understand not just <strong>how things work today</strong>, but <strong>where things are going</strong> — because you will be the engineers, designers, and entrepreneurs building that future.</p> <p>In this session, we explore <strong>five major trends</strong> shaping the future of mobile computing, supported by <strong>real examples</strong>, <strong>visual comparisons</strong>, and <strong>simple analogies</strong> that make complex ideas easy to grasp.</p> <blockquote> <p>"The best way to predict the future is to <strong>invent it</strong>."<br> — Alan Kay, Computer Scientist</p> </blockquote> <h3> <strong>The Mind-Blowing Starting Point</strong> </h3> <p>Before we look forward, let's appreciate how far we've come:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th>Apollo 11 Computer (1969)</th> <th>Your Smartphone (2025)</th> </tr> </thead> <tbody> <tr> <td><strong>RAM</strong></td> <td>4 KB</td> <td>8–16 GB</td> </tr> <tr> <td><strong>Speed</strong></td> <td>0.043 MHz</td> <td>3+ GHz</td> </tr> <tr> <td><strong>Storage</strong></td> <td>72 KB</td> <td>256 GB+</td> </tr> <tr> <td><strong>Weight</strong></td> <td>32 kg</td> <td>200 grams</td> </tr> <tr> <td><strong>Cost</strong></td> <td>$150,000</td> <td>$200–1,000</td> </tr> </tbody> </table></div> <blockquote> <p>Your phone is <strong>100,000 times more powerful</strong> than the computer that landed humans on the Moon.</p> </blockquote> <p>That was 55 years ago. What will mobile look like in the <strong>next</strong> 10 years?</p> <h2> <strong>1. 5G and Beyond — Super-Fast Connectivity</strong> </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe363uikstedlnbxux2j3.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe363uikstedlnbxux2j3.jpg" alt="Image" width="800" height="1346"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Friudwkw5ju4l7n10hpvv.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Friudwkw5ju4l7n10hpvv.jpg" alt="Image" width="800" height="533"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb8jknwxmunxia5cllkhf.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb8jknwxmunxia5cllkhf.jpg" alt="Image" width="800" height="535"></a></p> <h3> <strong>What It Means</strong> </h3> <p>5G is the <strong>fifth generation</strong> of mobile networks — but it's not just "faster internet."</p> <p>5G brings <strong>three superpowers</strong>:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Superpower</th> <th>What It Means</th> <th>Why It Matters</th> </tr> </thead> <tbody> <tr> <td>⚡ <strong>Speed</strong> </td> <td>Up to 20 Gbps (20x faster than 4G)</td> <td>Stream 8K video on your phone without buffering</td> </tr> <tr> <td>⏱️ <strong>Low Latency</strong> </td> <td>1ms delay (vs 50ms on 4G)</td> <td>Remote surgery, self-driving cars become possible</td> </tr> <tr> <td>📱 <strong>Massive Connections</strong> </td> <td>1 million devices per km²</td> <td>A stadium of 80,000 people — everyone connects</td> </tr> </tbody> </table></div> <blockquote> <p>On 4G, latency is a minor annoyance.<br> On 5G, latency becomes <strong>a matter of life and death</strong>.</p> </blockquote> <h3> <strong>Simple Example</strong> </h3> <p>Think of internet speed like <strong>downloading a 2-hour movie</strong>:</p> <ul> <li> <strong>3G</strong>: 26 hours (more than a full day!)</li> <li> <strong>4G</strong>: 6 minutes</li> <li> <strong>5G</strong>: 3.6 seconds</li> </ul> <p>But speed alone is not the point. The real game-changer is <strong>latency</strong> — the delay between action and response.</p> <p>Imagine you're playing an online game:</p> <ul> <li> <strong>4G latency (50ms)</strong>: You press "shoot" → small delay → character shoots</li> <li> <strong>5G latency (1ms)</strong>: You press "shoot" → <strong>instant</strong> response</li> </ul> <p>That 49 milliseconds doesn't matter much for gaming. But for:</p> <ul> <li>Remote surgery? It's <strong>life or death</strong> </li> <li>Self-driving cars? It's <strong>crash or safe</strong> </li> <li>VR experience? It's <strong>nausea or immersion</strong> </li> </ul> <h3> <strong>Real-World Illustration</strong> </h3> <p>Why does 5G matter in real life?</p> <p><strong>Remote Surgery</strong>: In China, a surgeon in Beijing operated on a patient <strong>3,000 km away</strong> using 5G and robotic arms. The delay? Only 2 milliseconds. The patient couldn't tell the doctor wasn't in the room.</p> <p><strong>Self-Driving Cars</strong>: A car traveling at 100 km/h needs to make instant decisions.</p> <ul> <li>On 4G (50ms delay) → the car travels <strong>1.4 meters blind</strong> before reacting</li> <li>On 5G (1ms delay) → the car travels only <strong>3 centimeters</strong> before reacting</li> </ul> <p>That's the difference between a safe stop and a collision.</p> <p><strong>Cloud Gaming</strong>: Services like Xbox Cloud Gaming and NVIDIA GeForce NOW stream high-end games to your phone. No expensive hardware needed. The game runs on a powerful server and the video streams to you. Like <strong>Netflix, but for gaming</strong>.</p> <h3> <strong>What Comes After 5G?</strong> </h3> <p><strong>6G</strong> is expected around <strong>2030</strong>:</p> <ul> <li>Speed: up to 1,000 Gbps (50x faster than 5G)</li> <li>Latency: 0.1 milliseconds</li> <li>AI-native network</li> <li> <strong>Holographic communication</strong> — 3D images of people projected in your room</li> <li>Satellite internet everywhere</li> </ul> <blockquote> <p>Imagine video calling someone — not on a flat screen, but as a <strong>3D hologram standing in your room</strong>. Like Star Wars, but real.</p> </blockquote> <h3> <strong>Academic Framing</strong> </h3> <p>This topic connects to:</p> <ul> <li> <strong>Network Architecture &amp; Protocols</strong> (how mobile networks are designed)</li> <li> <strong>Edge Computing</strong> (processing data closer to users, not in distant servers)</li> <li> <strong>Quality of Service (QoS)</strong> in real-time distributed systems</li> <li> <strong>Wireless Communication Theory</strong> (spectrum, bandwidth, signal propagation)</li> </ul> <h3> <strong>Teaching Hook for Students</strong> </h3> <p>Ask students:</p> <blockquote> <p>"If latency becomes essentially ZERO, what new application becomes possible that is <strong>impossible</strong> today?"</p> </blockquote> <p>That question trains <strong>creative systems thinking</strong>.</p> <h2> <strong>2. AI on Mobile — Your Phone Gets a Brain</strong> </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5zolvkaznqv70mxub0ak.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5zolvkaznqv70mxub0ak.jpg" alt="Image" width="800" height="376"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fslimbook.com%2Fweb%2Fimage%2F166042%2Finfograf%25C3%25ADa_CPUs%2520AI%2520NPU_2.png%3Faccess_token%3Dd4facd0a-9917-4d81-b846-a9e8faaaf529" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fslimbook.com%2Fweb%2Fimage%2F166042%2Finfograf%25C3%25ADa_CPUs%2520AI%2520NPU_2.png%3Faccess_token%3Dd4facd0a-9917-4d81-b846-a9e8faaaf529" alt="Image" width="1500" height="843"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhvgwqepf5jhcvc639so0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhvgwqepf5jhcvc639so0.png" alt="Image" width="800" height="533"></a></p> <h3> <strong>What It Means</strong> </h3> <p>AI is already <strong>everywhere</strong> in your phone — you just don't notice it because it works so well:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Feature</th> <th>What's Actually Happening</th> </tr> </thead> <tbody> <tr> <td>📸 Portrait mode</td> <td>AI separates you from the background and blurs it</td> </tr> <tr> <td>⌨️ Autocorrect</td> <td>AI predicts your next word based on patterns</td> </tr> <tr> <td>🗺️ "Fastest route"</td> <td>AI analyzes real-time traffic from millions of drivers</td> </tr> <tr> <td>🔒 Face ID</td> <td>AI maps and recognizes YOUR unique face</td> </tr> <tr> <td>📞 Spam detection</td> <td>AI filters suspicious calls and messages</td> </tr> </tbody> </table></div> <p>The big shift now is <strong>WHERE</strong> that AI runs.</p> <h3> <strong>Simple Example: Cloud AI vs On-Device AI</strong> </h3> <p><strong>Before (Cloud AI):</strong></p> <p>You take a photo of a flower → Phone sends image to Google's server via internet → Server processes it → Sends answer back → "It's a sunflower!" ⏱️ 2–3 seconds</p> <p>Problems:</p> <ul> <li>Needs internet (what if you have no signal?)</li> <li>Slow (round trip to server and back)</li> <li>Privacy risk (your photo goes to someone else's server)</li> </ul> <p><strong>Now (On-Device AI):</strong></p> <p>You take a photo → Phone's <strong>NPU (Neural Processing Unit)</strong> processes it locally → "It's a sunflower!" ⏱️ 0.1 seconds</p> <p>Benefits:</p> <ul> <li>No internet needed</li> <li>Much faster</li> <li>Completely private — data never leaves your phone</li> </ul> <blockquote> <p>Think of it this way:</p> <p><strong>Cloud AI</strong> = Calling a friend for every answer (slow, needs connection)</p> <p><strong>On-Device AI</strong> = Having the knowledge in your own brain (fast, private)</p> </blockquote> <h3> <strong>Real-World Illustration</strong> </h3> <p><strong>How your camera actually works:</strong></p> <p>You point your camera at a sunset. You press the button. In <strong>0.5 seconds</strong>:</p> <ol> <li>Camera takes <strong>9 photos</strong> at different brightness levels</li> <li>AI chip analyzes all 9 photos</li> <li>AI <strong>combines the best parts</strong> of each photo</li> <li>AI enhances colors, sharpness, and contrast</li> <li>You get <strong>ONE perfect photo</strong> </li> </ol> <p>All of this happens on your phone. No internet. No cloud. Just the AI chip.</p> <blockquote> <p>You think you're a good photographer.<br> Actually... your phone's AI is. 😄</p> </blockquote> <h3> <strong>Where Is Mobile AI Going?</strong> </h3> <p><strong>Today</strong>: You talk TO your phone.<br> "Hey Google, set an alarm for 7 AM." → Done.</p> <p><strong>Near future</strong>: Your phone talks to YOU.</p> <p>Imagine: You have a meeting at 9 AM tomorrow.</p> <ul> <li>Your phone checks traffic → sets alarm at 7:15 (traffic is light)</li> <li>Pre-orders your usual coffee from the nearby cafe</li> <li>Checks weather → reminds you to bring an umbrella</li> </ul> <p><strong>You didn't ask for any of this.</strong> Your phone just... KNEW.</p> <p>This is called <strong>proactive AI</strong> or <strong>context-aware AI</strong> — instead of you telling the phone what to do, the phone anticipates what you NEED.</p> <blockquote> <p>"The best interface is <strong>NO interface</strong>."<br> — Golden Krishna, UX Designer</p> </blockquote> <h3> <strong>Design Implication</strong> </h3> <p>On-device AI changes how we build apps:</p> <p>✔ Design for <strong>intelligence</strong> — apps should anticipate, not just respond<br> ✔ Consider <strong>offline AI</strong> — not all users have stable internet<br> ✔ Balance <strong>personalization vs privacy</strong> — more data = smarter AI, but also more risk<br> ✔ Optimize for <strong>NPU chips</strong> — AI models must be small enough to run on limited hardware</p> <h3> <strong>Academic Framing</strong> </h3> <p>This connects to:</p> <ul> <li> <strong>Machine Learning Model Optimization</strong> (quantization, pruning, distillation)</li> <li> <strong>Edge Computing vs Cloud Computing</strong> trade-offs</li> <li> <strong>Privacy by Design</strong> principles</li> <li> <strong>TinyML</strong> — Machine Learning for resource-constrained devices</li> <li> <strong>Human-Computer Interaction (HCI)</strong> — proactive vs reactive interfaces</li> </ul> <h3> <strong>Teaching Hook for Students</strong> </h3> <p>Ask students:</p> <blockquote> <p>"If your phone's AI could learn everything about your habits, is that <strong>helpful</strong> or <strong>scary</strong>? Where should the line be?"</p> </blockquote> <p>That question trains <strong>ethical thinking about AI</strong>.</p> <h2> <strong>3. Foldables and Wearables — New Shapes, New Possibilities</strong> </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fazh4sl88q3dx8qygfgzf.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fazh4sl88q3dx8qygfgzf.jpg" alt="Image" width="800" height="520"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7adr3odgvt4n0i6jjwll.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7adr3odgvt4n0i6jjwll.jpg" alt="Image" width="800" height="450"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyvric6ucmyymml5o3f2x.webp" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyvric6ucmyymml5o3f2x.webp" alt="Image" width="550" height="550"></a></p> <h3> <strong>What It Means</strong> </h3> <p>For 15 years, phones have been getting <strong>BIGGER</strong> — from 3.5 inches to nearly 7 inches.</p> <p>The reason is obvious: we want big screens for content — videos, games, reading, multitasking.</p> <p>But here's the <strong>conflict</strong>:</p> <blockquote> <p>We want <strong>BIG screens</strong> for content.<br> We want <strong>SMALL phones</strong> for portability.</p> </blockquote> <p><strong>Foldable phones solve both problems.</strong></p> <h3> <strong>Simple Example</strong> </h3> <p><strong>Samsung Galaxy Z Fold:</strong></p> <ul> <li> <strong>Closed</strong>: Normal phone (6.2" screen) — fits in your pocket ✔</li> <li> <strong>Open</strong>: Mini tablet (7.6" screen) — great for content ✔</li> </ul> <p><strong>Samsung Galaxy Z TriFold (2025):</strong></p> <ul> <li> <strong>Closed</strong>: Regular 6.5" phone</li> <li> <strong>Fully open</strong>: 10" tablet — the largest screen ever on a Galaxy phone</li> <li>Only <strong>3.9mm thin</strong> at its thinnest point</li> <li>Runs 3 apps simultaneously side-by-side</li> <li>Supports Samsung DeX for desktop-like experience</li> </ul> <blockquote> <p>One device. Multiple form factors. Zero compromise.</p> </blockquote> <h3> <strong>Real-World Illustration: Impact on Development</strong> </h3> <p>Foldable screens create <strong>new challenges for developers</strong>:</p> <p>Your app must work in <strong>BOTH modes</strong> — phone layout AND tablet layout.</p> <p>When the user folds or unfolds the phone, your app must:</p> <ul> <li> <strong>Instantly switch</strong> layouts</li> <li> <strong>Not crash</strong> during transition</li> <li> <strong>Not lose data</strong> during the change</li> <li>Handle the <strong>screen crease</strong> at the fold point</li> </ul> <p>Remember last week's challenge about <strong>device fragmentation</strong>? Foldables make it even more complex.</p> <blockquote> <p>"It works on my phone" was never an acceptable conclusion.<br> With foldables, it's even LESS acceptable.</p> </blockquote> <h3> <strong>Beyond Phones: Wearable Computing</strong> </h3> <p>The future of mobile computing is not just about phones. Computing is moving <strong>from your pocket to your body</strong>:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Device</th> <th>What It Does</th> <th>Example</th> </tr> </thead> <tbody> <tr> <td>⌚ <strong>Smart Watch</strong> </td> <td>Heart rate, steps, messages, payments</td> <td>Apple Watch, Galaxy Watch</td> </tr> <tr> <td>👓 <strong>Smart Glasses</strong> </td> <td>Navigation, translation, AR overlay, recording</td> <td>Meta Ray-Ban, Apple Vision Pro</td> </tr> <tr> <td>💍 <strong>Smart Ring</strong> </td> <td>Sleep tracking, health data, NFC payment</td> <td>Samsung Galaxy Ring</td> </tr> <tr> <td>🎧 <strong>Smart Earbuds</strong> </td> <td>Real-time translation, AI assistant, noise control</td> <td>Google Pixel Buds, AirPods Pro</td> </tr> <tr> <td>🩹 <strong>Smart Patches</strong> </td> <td>Blood sugar monitoring, medicine delivery (future)</td> <td>Dexcom G7, Abbott Libre</td> </tr> </tbody> </table></div> <blockquote> <p>"The phone might not disappear — but it will <strong>share its job</strong> with many devices on your body."</p> </blockquote> <h3> <strong>Design Implication</strong> </h3> <p>Designing for wearables requires different thinking:</p> <p>✔ <strong>Micro-interactions</strong> — screen is tiny, interactions must be ultra-simple<br> ✔ <strong>Glanceable information</strong> — users look for 2–3 seconds, not 30<br> ✔ <strong>Context-first design</strong> — show only what matters RIGHT NOW<br> ✔ <strong>Battery awareness</strong> — wearable batteries are even smaller than phones<br> ✔ <strong>Multi-device continuity</strong> — start task on watch, continue on phone, finish on tablet</p> <h3> <strong>Academic Framing</strong> </h3> <p>This connects to:</p> <ul> <li> <strong>Responsive &amp; Adaptive UI Design</strong> across dynamic form factors</li> <li> <strong>Ubiquitous Computing</strong> (Mark Weiser's vision — computing that disappears into the environment)</li> <li> <strong>Multi-device UX Design</strong> and continuity frameworks</li> <li> <strong>Wearable Sensor Technology</strong> and health informatics</li> <li> <strong>Human Factors Engineering</strong> — designing for body-worn devices</li> </ul> <h3> <strong>Teaching Hook for Students</strong> </h3> <p>Ask students:</p> <blockquote> <p>"If computing moves from your phone to your body, do you even NEED a phone anymore? What's the <strong>minimum device</strong> you could live with?"</p> </blockquote> <p>That question trains <strong>platform-independent design thinking</strong>.</p> <h2> <strong>4. AR and VR on Mobile — Mixing Real and Digital</strong> </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdxnpfs8tfn9wc1bjmbwi.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdxnpfs8tfn9wc1bjmbwi.jpg" alt="Image" width="800" height="450"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhlul8uojtwhkn14jjgu4.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhlul8uojtwhkn14jjgu4.jpg" alt="Image" width="800" height="531"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fwww.researchgate.net%2Fpublication%2F370380136%2Ffigure%2Ffig3%2FAS%253A11431281154328536%25401682772283035%2FComparison-between-AR-and-VR.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fwww.researchgate.net%2Fpublication%2F370380136%2Ffigure%2Ffig3%2FAS%253A11431281154328536%25401682772283035%2FComparison-between-AR-and-VR.jpg" alt="Image" width="588" height="302"></a></p> <h3> <strong>What It Means</strong> </h3> <p>Two technologies are merging the real and digital worlds:</p> <p><strong>AR (Augmented Reality)</strong> = Real world + digital objects <strong>added on top</strong></p> <blockquote> <p>You see your real room through your phone camera... and there's a virtual sofa in the corner. You can walk around it. Change its color. But it's not real.</p> <p>Example: Pokémon GO, IKEA Place app</p> </blockquote> <p><strong>VR (Virtual Reality)</strong> = Completely digital world (real world <strong>blocked</strong>)</p> <blockquote> <p>You put on a headset. Suddenly you're standing on top of Mount Everest. You look around — 360 degrees of snow and sky. Nothing is real. Everything is digital.</p> <p>Example: Meta Quest, PlayStation VR</p> </blockquote> <h3> <strong>Simple Example: AR You Can Try Right Now</strong> </h3> <p>AR is not science fiction. It's on your phone <strong>today</strong>:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>App</th> <th>What It Does</th> </tr> </thead> <tbody> <tr> <td><strong>IKEA Place</strong></td> <td>Place virtual furniture in your real room before buying</td> </tr> <tr> <td><strong>Apple Measure</strong></td> <td>Point your phone at a table → AR measures it. No ruler needed</td> </tr> <tr> <td><strong>Google Translate</strong></td> <td>Point camera at Japanese text → it transforms to English <strong>on screen, in real-time</strong> </td> </tr> <tr> <td><strong>Google Maps Live View</strong></td> <td>Giant arrows appear <strong>on the real street</strong> showing you where to walk</td> </tr> </tbody> </table></div> <p>These are simple but powerful examples of AR <strong>already integrated</strong> into daily life through mobile devices.</p> <h3> <strong>Real-World Illustration: The Future of AR</strong> </h3> <p>Some experts believe that in 10–15 years, <strong>we won't carry phones anymore</strong>. Instead, we'll wear <strong>lightweight AR glasses</strong> that look like normal glasses.</p> <p>Imagine your day:</p> <ul> <li>You look at your desk → <strong>emails float</strong> in the air next to your coffee cup</li> <li>You walk outside → <strong>navigation arrows</strong> appear on the road ahead</li> <li>You meet someone at a conference → their <strong>name tag floats</strong> above their head</li> <li>You sit at work → your <strong>dashboard appears</strong> on your desk, as big as you want</li> </ul> <p>No phone to pull out. No screen. The digital world and the real world become <strong>one</strong>.</p> <p><strong>Apple Vision Pro</strong> ($3,499, 2024) is the first step. It's big and expensive.</p> <p>But remember — the first mobile phones were also big and expensive. And look where we are now.</p> <h3> <strong>AR in Education</strong> </h3> <p>AR is transforming how students learn:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Subject</th> <th>Traditional Approach</th> <th>With AR</th> </tr> </thead> <tbody> <tr> <td><strong>Biology</strong></td> <td>Read about the heart in a textbook</td> <td> <strong>Walk inside</strong> a 3D beating heart</td> </tr> <tr> <td><strong>History</strong></td> <td>Look at photos of ancient Rome</td> <td> <strong>Stand in</strong> the Colosseum and look around</td> </tr> <tr> <td><strong>Chemistry</strong></td> <td>See 2D diagrams of molecules</td> <td> <strong>Pick up and rotate</strong> 3D molecular structures</td> </tr> <tr> <td><strong>Geography</strong></td> <td>Study flat maps</td> <td> <strong>Explore</strong> a 3D globe with terrain and data layers</td> </tr> </tbody> </table></div> <blockquote> <p>"AR meets learners right where they are, catering to a diversity of styles and needs to ensure every child is reached."</p> </blockquote> <h3> <strong>Design Implication</strong> </h3> <p>Designing for AR/VR requires new thinking:</p> <p>✔ <strong>Spatial UI Design</strong> — interfaces exist in 3D space, not flat screens<br> ✔ <strong>Comfort &amp; Safety</strong> — long AR/VR sessions cause eye strain and motion sickness<br> ✔ <strong>Real-world context</strong> — AR apps must understand physical environments (lighting, surfaces, obstacles)<br> ✔ <strong>New input methods</strong> — hand gestures, eye tracking, voice commands (no touchscreen!)<br> ✔ <strong>Privacy concerns</strong> — AR glasses with cameras raise serious surveillance questions</p> <h3> <strong>Academic Framing</strong> </h3> <p>This connects to:</p> <ul> <li> <strong>Spatial Computing</strong> and 3D interaction design</li> <li> <strong>Computer Vision</strong> — how devices "see" and understand the real world</li> <li> <strong>Presence Theory</strong> — the psychological sense of "being there" in virtual environments</li> <li> <strong>Mixed Reality (MR) Continuum</strong> (Milgram &amp; Kishino, 1994) — the spectrum from fully real to fully virtual</li> <li> <strong>Constructivist Learning Theory</strong> — learning by doing and experiencing</li> </ul> <h3> <strong>Teaching Hook for Students</strong> </h3> <p>Ask students:</p> <blockquote> <p>"Would you give up your phone for AR glasses? What would you <strong>gain</strong>? What would you <strong>lose</strong>?"</p> </blockquote> <p>That question forces students to think about <strong>trade-offs in technology adoption</strong>.</p> <h2> <strong>5. IoT — Your Phone as the Remote Control for Everything</strong> </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fwww.researchgate.net%2Fpublication%2F325516236%2Ffigure%2Ffig1%2FAS%253A745546511835136%25401554763548064%2FThe-concept-of-the-Wireless-Home-Automation-System-WHAS-using-IoT-Source-2.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fwww.researchgate.net%2Fpublication%2F325516236%2Ffigure%2Ffig1%2FAS%253A745546511835136%25401554763548064%2FThe-concept-of-the-Wireless-Home-Automation-System-WHAS-using-IoT-Source-2.png" alt="Image" width="753" height="552"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fwww.mdpi.com%2FIoT%2FIoT-03-00022%2Farticle_deploy%2Fhtml%2Fimages%2FIoT-03-00022-g013.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fwww.mdpi.com%2FIoT%2FIoT-03-00022%2Farticle_deploy%2Fhtml%2Fimages%2FIoT-03-00022-g013.png" alt="Image" width="800" height="562"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb1osyp9l85td46q79b9t.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb1osyp9l85td46q79b9t.png" alt="Image" width="800" height="450"></a></p> <h3> <strong>What It Means</strong> </h3> <p><strong>IoT</strong> = Internet of Things</p> <p>Very simple: take <strong>everyday objects</strong> — lamp, thermostat, door lock, TV — and connect them to the internet.</p> <p><strong>Before IoT</strong>: A lamp is just a lamp. Flip the switch. ON or OFF. That's it.</p> <p><strong>With IoT</strong>: A smart lamp. Control it from your phone. Any color. Any brightness. Scheduled on and off. Responds to voice commands. Turns off automatically when you leave the room.</p> <blockquote> <p>Your phone becomes the <strong>remote control for everything</strong> in your life.</p> </blockquote> <h3> <strong>Simple Example: A Day in a Smart Home (2028)</strong> </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Time</th> <th>What Happens</th> </tr> </thead> <tbody> <tr> <td>⏰ <strong>6:30 AM</strong> </td> <td>Smart alarm detects you're in <strong>light sleep</strong> → wakes you at the perfect moment</td> </tr> <tr> <td>☀️ <strong>6:31 AM</strong> </td> <td>Smart blinds open slowly → natural sunlight fills the room</td> </tr> <tr> <td>☕ <strong>6:32 AM</strong> </td> <td>Coffee machine starts automatically → ready when you reach the kitchen</td> </tr> <tr> <td>🚿 <strong>7:00 AM</strong> </td> <td>Smart mirror shows weather, calendar, news. Shower heats to YOUR temperature</td> </tr> <tr> <td>🚗 <strong>7:30 AM</strong> </td> <td>Smart car pre-cools based on weather. Phone shows fastest route. Door locks automatically</td> </tr> <tr> <td>🏠 <strong>6:00 PM</strong> </td> <td>Phone detects you're 10 min from home → AC turns on, lights turn on</td> </tr> <tr> <td>🌙 <strong>10:00 PM</strong> </td> <td>You say "Good night" → lights off, doors locked, alarm set, temperature adjusted</td> </tr> </tbody> </table></div> <p><strong>One voice command. Everything responds.</strong></p> <h3> <strong>Real-World Illustration: The Numbers</strong> </h3> <p>The scale of IoT is staggering:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Year</th> <th>Connected Devices Worldwide</th> </tr> </thead> <tbody> <tr> <td>2015</td> <td>15 billion</td> </tr> <tr> <td>2020</td> <td>30 billion</td> </tr> <tr> <td>2025</td> <td>75 billion</td> </tr> <tr> <td>2030</td> <td><strong>125 billion</strong></td> </tr> </tbody> </table></div> <p>By 2030, there will be approximately <strong>15 connected devices for every person on Earth</strong>.</p> <p>What does this mean for mobile computing students?</p> <ul> <li>More apps to build</li> <li>More platforms to develop for</li> <li>More problems to solve</li> <li><strong>More job opportunities</strong></li> </ul> <blockquote> <p>The future of mobile is NOT just phones. It's <strong>everything</strong>.</p> </blockquote> <h3> <strong>Design Implication</strong> </h3> <p>IoT changes how we design mobile experiences:</p> <p>✔ <strong>Multi-device orchestration</strong> — your app controls many devices, not just one screen<br> ✔ <strong>Ambient interfaces</strong> — interaction through voice, sensors, automation — not just tapping<br> ✔ <strong>Network reliability</strong> — what happens when one device loses connection?<br> ✔ <strong>Security at scale</strong> — 15 devices per person = 15 potential entry points for hackers<br> ✔ <strong>Interoperability</strong> — devices from different manufacturers must work together (Matter protocol)</p> <h3> <strong>Academic Framing</strong> </h3> <p>This connects to:</p> <ul> <li> <strong>Distributed Systems</strong> — many devices working together</li> <li> <strong>Embedded Systems Programming</strong> — code that runs on small, resource-constrained devices</li> <li> <strong>Network Security</strong> — securing devices with limited processing power</li> <li> <strong>Cyber-Physical Systems (CPS)</strong> — the bridge between digital computing and the physical world</li> <li> <strong>Systems Architecture</strong> — designing systems that scale to billions of connected devices</li> </ul> <h3> <strong>Teaching Hook for Students</strong> </h3> <p>Ask students:</p> <blockquote> <p>"If every object in your room could connect to the internet — your chair, your lamp, your door, your mirror — which ONE would you make smart first? Why?"</p> </blockquote> <p>That question trains <strong>prioritization and user-centered design thinking</strong>.</p> <h2> <strong>Conclusion: The Connected Future</strong> </h2> <p>These five trends do not work <strong>alone</strong>. They work <strong>together</strong>.</p> <p>Consider this scenario:</p> <blockquote> <p>A doctor wears <strong>AR glasses</strong> (Trend 4).<br> The glasses use <strong>AI</strong> (Trend 2) to highlight a tumor during surgery.<br> The surgery data streams over <strong>5G</strong> (Trend 1) to a specialist 1,000 km away.<br> The specialist watches on their <strong>foldable tablet</strong> (Trend 3).<br> All medical instruments are <strong>IoT-connected</strong> (Trend 5), sharing real-time data.</p> <p><strong>All five trends — working together — saving a life.</strong></p> </blockquote> <h3> <strong>What This Means For You As Students</strong> </h3> <p>The mobile developer of the future needs new skills:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Skill</th> <th>Why It Matters</th> </tr> </thead> <tbody> <tr> <td><strong>Cross-platform development</strong></td> <td>Build for phone + watch + glasses + car</td> </tr> <tr> <td><strong>AI/ML integration</strong></td> <td>Make apps intelligent, not just functional</td> </tr> <tr> <td><strong>Responsive &amp; adaptive design</strong></td> <td>Phone → tablet → foldable → watch → glasses</td> </tr> <tr> <td><strong>Privacy &amp; security</strong></td> <td>More devices = more data = more risk</td> </tr> <tr> <td><strong>UX for new interfaces</strong></td> <td>Voice, gesture, gaze — beyond touch</td> </tr> </tbody> </table></div> <blockquote> <p>"The mobile developer of the future is NOT just an app developer.<br> They are a <strong>connected experience designer</strong>."</p> </blockquote> <h3> <strong>The Mobile Designer's Mindset</strong> </h3> <p>Good mobile design — today and in the future — is about:</p> <ul> <li> <strong>Constraints</strong> — every device has limitations; design within them</li> <li> <strong>Empathy</strong> — understand real users in real contexts</li> <li> <strong>Trade-offs</strong> — there's never a perfect solution, only the best balance</li> <li> <strong>Adaptability</strong> — technologies change fast; principles endure</li> </ul> <p>A good mobile designer always asks:</p> <blockquote> <p>"What is the <strong>minimum</strong> needed for the user to succeed?"</p> </blockquote> <h3> <strong>Key Vocabulary Summary</strong> </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Term</th> <th>Simple Explanation</th> </tr> </thead> <tbody> <tr> <td><strong>5G</strong></td> <td>Fifth generation mobile network — very fast, very low delay</td> </tr> <tr> <td><strong>6G</strong></td> <td>Sixth generation (expected ~2030) — holographic, AI-native</td> </tr> <tr> <td><strong>Latency</strong></td> <td>The delay between an action and its response</td> </tr> <tr> <td><strong>NPU</strong></td> <td>Neural Processing Unit — AI chip inside your phone</td> </tr> <tr> <td><strong>On-Device AI</strong></td> <td>AI that runs on your phone, not on a distant server</td> </tr> <tr> <td><strong>Proactive AI</strong></td> <td>AI that acts without you asking</td> </tr> <tr> <td><strong>Foldable Phone</strong></td> <td>Phone with a flexible screen that bends to become larger</td> </tr> <tr> <td><strong>Wearable</strong></td> <td>Computing device you wear on your body</td> </tr> <tr> <td><strong>AR</strong></td> <td>Augmented Reality — real world + digital objects added</td> </tr> <tr> <td><strong>VR</strong></td> <td>Virtual Reality — completely digital, immersive world</td> </tr> <tr> <td><strong>IoT</strong></td> <td>Internet of Things — everyday objects connected to internet</td> </tr> <tr> <td><strong>Cloud Gaming</strong></td> <td>Games running on remote servers, streamed to your phone</td> </tr> <tr> <td><strong>Smart Home</strong></td> <td>House with IoT-connected, automated devices</td> </tr> <tr> <td><strong>Edge Computing</strong></td> <td>Processing data near the user instead of in distant data centers</td> </tr> </tbody> </table></div> computerscience learning mobile softwareengineering ahmadasroni38 Sun, 01 Feb 2026 23:31:47 +0000 https://forem.com/ahmadasroni38/challenges-for-design-in-mobile-computing-236e https://forem.com/ahmadasroni38/challenges-for-design-in-mobile-computing-236e <h3> <em>Bridging Theory, Practice, and Real-World Constraints</em> </h3> <h2> <strong>Introduction: Why Mobile Design Is Different (and Harder)</strong> </h2> <p>Designing for mobile computing is <strong>not simply shrinking desktop applications</strong> into smaller screens. Mobile devices live in a world of <strong>constraints</strong>—physical, technical, contextual, and human.</p> <p>As practitioners, we deal with <strong>real users</strong>, <strong>real devices</strong>, and <strong>real limitations</strong>.<br> As academics, we seek <strong>general principles</strong>, <strong>design frameworks</strong>, and <strong>repeatable knowledge</strong>.</p> <p>Mobile computing sits at the intersection of both worlds.</p> <p>In this session, we will explore <strong>five fundamental challenges in mobile design</strong>, supported by <strong>simple, relatable examples</strong> and <strong>strong visual imagination</strong>, so students can <em>feel</em> the problem—not just memorize it.</p> <h2> <strong>1. Limited Screen Real Estate</strong> </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0rlrdmkemz4t7870ph2v.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0rlrdmkemz4t7870ph2v.png" alt="Image" width="647" height="392"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyfmo92op0f3fgwc69gmy.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyfmo92op0f3fgwc69gmy.jpg" alt="Image" width="800" height="682"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyfkdqfrcdpznfbgpqdvu.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyfkdqfrcdpznfbgpqdvu.jpg" alt="Image" width="800" height="2000"></a></p> <h3> <strong>What It Means</strong> </h3> <p>Mobile screens are <strong>small, narrow, and vertically constrained</strong>.<br> Unlike desktops, <strong>every pixel matters</strong>.</p> <blockquote> <p>On mobile, design is not about adding features.<br> It’s about <strong>deciding what to remove</strong>.</p> </blockquote> <h3> <strong>Simple Example</strong> </h3> <p>Imagine you want to design:</p> <ul> <li>A <strong>hospital information system</strong> </li> <li>Or a <strong>campus asset management app</strong> </li> </ul> <p>On desktop, you might show:</p> <ul> <li>Name</li> <li>ID</li> <li>Location</li> <li>Status</li> <li>Last Update</li> <li>Action Buttons</li> </ul> <p>On mobile?</p> <p>If you show everything:</p> <ul> <li>Text becomes tiny</li> <li>Buttons overlap</li> <li>Users misclick</li> </ul> <p>Result: <strong>bad usability, frustrated users</strong></p> <h3> <strong>Real-World Illustration</strong> </h3> <p>Think of <strong>Google Maps</strong> on mobile:</p> <ul> <li>It does <strong>not</strong> show all controls at once</li> <li>Buttons appear <strong>only when needed</strong> </li> <li>Information is layered, not dumped</li> </ul> <p>This is called:<br> 👉 <strong>Progressive Disclosure</strong></p> <h3> <strong>Design Principles</strong> </h3> <p>✔ Prioritize <strong>primary tasks</strong><br> ✔ Hide secondary information<br> ✔ Use:</p> <ul> <li>Cards</li> <li>Bottom sheets</li> <li>Tabs</li> <li>Collapsible sections</li> </ul> <h3> <strong>Teaching Hook for Students</strong> </h3> <p>Ask students:</p> <blockquote> <p>“If your app had only <strong>one screen</strong>, what MUST be there?”</p> </blockquote> <p>That question trains <strong>design discipline</strong>.</p> <h2> <strong>2. Varied Input Modalities</strong> </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fizhug0pfn3s63g5s9lvi.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fizhug0pfn3s63g5s9lvi.png" alt="Image" width="800" height="800"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3fq0kw9slf5npfc20kk3.jpeg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3fq0kw9slf5npfc20kk3.jpeg" alt="Image" width="800" height="570"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcl18c7vmopy4frzt7h2s.gif" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcl18c7vmopy4frzt7h2s.gif" alt="Image" width="615" height="346"></a></p> <h3> <strong>What It Means</strong> </h3> <p>Mobile users interact through:</p> <ul> <li>Touch (tap, swipe, long press)</li> <li>Voice</li> <li>Motion (tilt, shake)</li> <li>Sensors (camera, GPS, fingerprint)</li> </ul> <p>Unlike desktop:<br> ❌ No mouse<br> ❌ No physical keyboard (most of the time)</p> <h3> <strong>Simple Example</strong> </h3> <p>Login form on desktop:</p> <ul> <li>Username</li> <li>Password</li> <li>Captcha</li> <li>Submit</li> </ul> <p>On mobile:</p> <ul> <li>Keyboard covers half the screen</li> <li>Typing is slow</li> <li>Users make more errors</li> </ul> <p>That’s why modern mobile apps use:</p> <ul> <li>Face ID / Fingerprint</li> <li>OTP auto-fill</li> <li>“Continue with Google”</li> </ul> <h3> <strong>Everyday Illustration</strong> </h3> <p>Why does WhatsApp:</p> <ul> <li>Support <strong>voice messages</strong> </li> <li>Support <strong>swipe to reply</strong> </li> <li>Support <strong>hold-to-record</strong> </li> </ul> <p>Because <strong>typing is not always convenient</strong>:</p> <ul> <li>Walking</li> <li>Riding a motorbike (dangerous, but real)</li> <li>Holding groceries</li> </ul> <h3> <strong>Design Insight</strong> </h3> <p>Mobile input is:</p> <ul> <li>Imprecise</li> <li>Context-dependent</li> <li>Error-prone</li> </ul> <p>So good mobile design:<br> ✔ Minimizes typing<br> ✔ Uses gestures carefully<br> ✔ Provides large touch targets</p> <h3> <strong>Academic Framing</strong> </h3> <p>This aligns with:</p> <ul> <li><strong>Human-Computer Interaction (HCI)</strong></li> <li><strong>Fitts’s Law</strong></li> <li><strong>Cognitive Load Theory</strong></li> </ul> <h2> <strong>3. Diverse Usage Contexts</strong> </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fen.horus-x.com%2Fcdn%2Fshop%2Farticles%2FFemme_utilisant_un_telephone_portable_femme_portant_des_lunettes_de_soleil_Horus_X_b62ca2b5-d4ba-4bea-ba26-f5527b125450.jpg%3Fv%3D1710831567%26width%3D1200" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fen.horus-x.com%2Fcdn%2Fshop%2Farticles%2FFemme_utilisant_un_telephone_portable_femme_portant_des_lunettes_de_soleil_Horus_X_b62ca2b5-d4ba-4bea-ba26-f5527b125450.jpg%3Fv%3D1710831567%26width%3D1200" alt="Image" width="1200" height="675"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7dxcok1sqdg3s2yvgnof.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7dxcok1sqdg3s2yvgnof.jpg" alt="Image" width="800" height="450"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flmjg76sl86jm8darqjxp.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flmjg76sl86jm8darqjxp.jpg" alt="Image" width="612" height="408"></a></p> <h3> <strong>What It Means</strong> </h3> <p>Mobile apps are used:</p> <ul> <li>Indoors</li> <li>Outdoors</li> <li>While moving</li> <li>Under sunlight</li> <li>In noisy environments</li> </ul> <p>Unlike desktop apps:<br> ❌ No controlled environment</p> <h3> <strong>Simple Example</strong> </h3> <p>An app with:</p> <ul> <li>Light gray text</li> <li>Thin fonts</li> <li>Small icons</li> </ul> <p>Looks beautiful in:<br> ✔ Office<br> ✔ Night</p> <p>But becomes <strong>unusable</strong> under:<br> ☀️ Sunlight</p> <h3> <strong>Real-Life Illustration</strong> </h3> <p>Why does <strong>Gojek / Grab</strong> use:</p> <ul> <li>High contrast colors</li> <li>Big buttons</li> <li>Simple layouts</li> </ul> <p>Because drivers:</p> <ul> <li>Are moving</li> <li>Need quick interaction</li> <li>Cannot focus long</li> </ul> <h3> <strong>Design Implication</strong> </h3> <p>Mobile design must consider:<br> ✔ Lighting<br> ✔ Movement<br> ✔ Interruptions<br> ✔ One-handed use</p> <p>Good design answers:</p> <blockquote> <p>“What if the user is distracted?”</p> </blockquote> <h3> <strong>Teaching Moment</strong> </h3> <p>Ask students:</p> <blockquote> <p>“Where will this app be used? Sitting? Standing? Moving?”</p> </blockquote> <p>That question separates <strong>academic design</strong> from <strong>real-world design</strong>.</p> <h2> <strong>4. Limited Resources</strong> </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpc1iwmfw8b1297popbep.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpc1iwmfw8b1297popbep.jpg" alt="Image" width="756" height="1008"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fimages.sftcdn.net%2Fimages%2Ft_app-cover-s%252Cf_auto%2Fp%2F23eb54bc-72ba-415e-bdaf-4025818e26dc%2F275525339%2Fcpu-throttling-test-screenshot" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fimages.sftcdn.net%2Fimages%2Ft_app-cover-s%252Cf_auto%2Fp%2F23eb54bc-72ba-415e-bdaf-4025818e26dc%2F275525339%2Fcpu-throttling-test-screenshot" alt="Image" width="340" height="604"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fji8h53wca7ll8yqrlrpg.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fji8h53wca7ll8yqrlrpg.jpg" alt="Image" width="800" height="600"></a></p> <h3> <strong>What It Means</strong> </h3> <p>Mobile devices have limited:</p> <ul> <li>Battery</li> <li>CPU</li> <li>Memory</li> <li>Network stability</li> </ul> <p>Even flagship phones are <strong>resource-sensitive</strong>.</p> <h3> <strong>Simple Example</strong> </h3> <p>An app that:</p> <ul> <li>Continuously tracks GPS</li> <li>Auto-refreshes every second</li> <li>Loads large images</li> </ul> <p>Result:<br> 🔋 Battery drains fast<br> 🔥 Phone heats up<br> ❌ App uninstalled</p> <h3> <strong>Real-World Illustration</strong> </h3> <p>Why does Google:</p> <ul> <li>Delay background sync</li> <li>Batch network requests</li> <li>Use caching aggressively</li> </ul> <p>Because <strong>battery is user trust</strong>.</p> <p>If your app kills battery:<br> 👉 Users delete it.</p> <h3> <strong>Design Best Practices</strong> </h3> <p>✔ Optimize background tasks<br> ✔ Use lazy loading<br> ✔ Respect OS lifecycle<br> ✔ Design for offline-first when possible</p> <h3> <strong>Academic Tie-In</strong> </h3> <p>This relates to:</p> <ul> <li>Mobile Operating Systems</li> <li>Energy-aware computing</li> <li>Systems optimization</li> </ul> <h2> <strong>5. Fragmented Device Landscape</strong> </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8ciqgrm8ubmy7moet64b.jpeg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8ciqgrm8ubmy7moet64b.jpeg" alt="Image" width="800" height="570"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fassets.newatlas.com%2Fdims4%2Fdefault%2Fc55c199%2F2147483647%2Fstrip%2Ftrue%2Fcrop%2F1275x1080%252B0%252B0%2Fresize%2F1133x960%2521%2Fformat%2Fwebp%2Fquality%2F90%2F%3Furl%3Dhttps%253A%252F%252Fnewatlas-brightspot.s3.amazonaws.com%252Farchive%252F2017-best-smartphones-specs-features-comparison-38.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fassets.newatlas.com%2Fdims4%2Fdefault%2Fc55c199%2F2147483647%2Fstrip%2Ftrue%2Fcrop%2F1275x1080%252B0%252B0%2Fresize%2F1133x960%2521%2Fformat%2Fwebp%2Fquality%2F90%2F%3Furl%3Dhttps%253A%252F%252Fnewatlas-brightspot.s3.amazonaws.com%252Farchive%252F2017-best-smartphones-specs-features-comparison-38.jpg" alt="Image" width="800" height="677"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fimagedelivery.net%2FPVooPtpJE-25QaNkbEuXvw%2F4c268491-a003-4f31-a077-bdde10206900%2Fgamma%253D0" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fimagedelivery.net%2FPVooPtpJE-25QaNkbEuXvw%2F4c268491-a003-4f31-a077-bdde10206900%2Fgamma%253D0" alt="Image" width="800" height="400"></a></p> <h3> <strong>What It Means</strong> </h3> <p>Mobile ecosystem is fragmented:</p> <ul> <li>Different screen sizes</li> <li>Different OS versions</li> <li>Different hardware capabilities</li> <li>Different manufacturers</li> </ul> <p>One app ≠ one device</p> <h3> <strong>Simple Example</strong> </h3> <p>Your app works perfectly on:<br> ✔ Your phone</p> <p>But crashes on:<br> ❌ Older Android<br> ❌ Smaller screen<br> ❌ Low RAM device</p> <h3> <strong>Practical Illustration</strong> </h3> <p>Android developers must consider:</p> <ul> <li>API level differences</li> <li>Permission changes</li> <li>Manufacturer customizations</li> </ul> <p>That’s why:</p> <blockquote> <p>“It works on my phone”<br> is <strong>not an acceptable conclusion</strong>.</p> </blockquote> <h3> <strong>Design Strategy</strong> </h3> <p>✔ Responsive layouts<br> ✔ Flexible UI components<br> ✔ Graceful degradation<br> ✔ Extensive testing</p> <h2> <strong>Conclusion: The Mobile Designer’s Mindset</strong> </h2> <p>Mobile computing design is about:</p> <ul> <li>Constraints</li> <li>Empathy</li> <li>Trade-offs</li> </ul> <p>A good mobile designer asks:</p> <blockquote> <p>“What is the <strong>minimum</strong> needed for the user to succeed?”</p> </blockquote> design mobile ui ux ahmadasroni38 Mon, 29 Dec 2025 09:16:25 +0000 https://forem.com/ahmadasroni38/unlocking-the-future-emerging-trends-in-system-evaluation-and-analysis-3inb https://forem.com/ahmadasroni38/unlocking-the-future-emerging-trends-in-system-evaluation-and-analysis-3inb <p>Selamat datang di bab paling menginspirasi dari buku ini: <strong>Tren Masa Depan</strong>. Di tahun 2025 ini, evaluasi sistem informasi bukan lagi tugas rutin – ia menjadi katalisator inovasi, didorong oleh AI, cloud, dan keberlanjutan. Sebagai praktisi yang telah memimpin evaluasi di proyek cutting-edge dan akademisi yang meneliti tren disruptif, saya percaya masa depan evaluasi adalah adaptif, cerdas, dan bertanggung jawab – membantu kita membangun sistem yang tidak hanya efisien, tapi juga etis dan hijau.</p> <p>Bab ini dirancang mudah dipahami, dengan contoh sederhana sehari-hari, analogi menyenangkan, dan ilustrasi visual keren agar kamu cepat paham dan terinspirasi. Yuk kita jelajahi tren yang akan bentuk karirmu besok – siap jadi pioneer? 🚀</p> <h3> 10.1 Evaluasi Sistem Adaptif </h3> <p>Sistem adaptif adalah "sistem hidup" yang belajar dan berubah sendiri, seperti aplikasi cuaca yang update prediksi berdasarkan data real-time.</p> <h4> 10.1.1 Konsep Sistem Adaptif </h4> <ul> <li> <strong>10.1.1.1 Definisi Sistem Adaptif</strong>: Sistem yang menyesuaikan perilaku secara otomatis terhadap perubahan lingkungan.</li> <li> <strong>10.1.1.2 Karakteristik Sistem Adaptif</strong>: Dinamis, resilient, self-optimizing – seperti pohon yang tumbuh menyesuaikan cahaya matahari.</li> <li> <strong>10.1.1.3 Contoh Sistem Adaptif</strong>: Sistem rekomendasi e-commerce yang berubah berdasarkan tren belanja pengguna.</li> </ul> <h4> 10.1.2 Tantangan Evaluasi Sistem Adaptif </h4> <ul> <li> <strong>10.1.2.1 Sifat Dinamis Sistem</strong>: Evaluasi statis nggak cukup karena sistem terus evolusi.</li> <li> <strong>10.1.2.2 Perubahan Konteks</strong>: Data lama bisa irrelevant seiring waktu.</li> <li> <strong>10.1.2.3 Evolusi Sistem</strong>: Butuh evaluasi yang ikut beradaptasi.</li> </ul> <h4> 10.1.3 Metodologi Evaluasi untuk Sistem Adaptif </h4> <ul> <li> <strong>10.1.3.1 Continuous Evaluation</strong>: Evaluasi berjalan non-stop, seperti monitor detak jantung.</li> <li> <strong>10.1.3.2 Real-time Monitoring</strong>: Gunakan dashboard untuk lihat performa saat ini.</li> <li> <strong>10.1.3.3 Feedback Loops</strong>: Sistem koreksi diri dari hasil evaluasi.</li> <li> <strong>10.1.3.4 Self-healing Systems Evaluation</strong>: Evaluasi sistem yang otomatis fix masalah.</li> </ul> <p>Contoh sederhana: Aplikasi navigasi seperti Waze – evaluasi continuous cek apakah rute baru lebih cepat 10% dari sebelumnya.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwytvsglj9dkb47udq3sy.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwytvsglj9dkb47udq3sy.png" alt=" " width="696" height="490"></a></p> <p>Simplified diagram depicting forests as complex adaptive systems ... – gambarin feedback loop adaptif seperti ekosistem hutan yang menyesuaikan!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvy5bqsotozpk5ls7iwkb.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvy5bqsotozpk5ls7iwkb.png" alt=" " width="251" height="201"></a></p> <p>How complex adaptive systems change – diagram loop yang dinamis dan engaging!</p> <h4> 10.1.4 Studi Kasus: Evaluasi Sistem Adaptif </h4> <ul> <li> <strong>10.1.4.1 Evaluasi Sistem Rekomendasi Adaptif</strong>: Amazon – adaptasi real-time tingkatkan konversi 35%.</li> <li> <strong>10.1.4.2 Evaluasi Sistem Keamanan Adaptif</strong>: Intrusion detection yang belajar ancaman baru.</li> <li> <strong>10.1.4.3 Pembelajaran dari Implementasi</strong>: Pelajaran: Integrasikan ML untuk prediksi adaptasi.</li> </ul> <h3> 10.2 Penggunaan AI dan Machine Learning dalam Evaluasi Sistem </h3> <p>AI/ML ubah evaluasi jadi "prediktif" – bukan cuma ukur, tapi ramal masalah!</p> <h4> 10.2.1 Aplikasi AI/ML untuk Evaluasi </h4> <ul> <li> <strong>10.2.1.1 Prediksi Kinerja Sistem</strong>: ML ramal downtime server.</li> <li> <strong>10.2.1.2 Deteksi Anomali Otomatis</strong>: Spot lonjakan traffic jahat.</li> <li> <strong>10.2.1.3 Klasifikasi Kualitas Sistem</strong>: Label sistem "baik/cukup/buruk" dari metrik.</li> <li> <strong>10.2.1.4 Natural Language Processing untuk Analisis Feedback</strong>: Sentiment dari review pengguna.</li> </ul> <p>Contoh: Sistem HR pakai NLP evaluasi feedback karyawan – deteksi isu moral sebelum jadi masalah besar.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhlo0w1hvq5oa0aw1ll4n.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhlo0w1hvq5oa0aw1ll4n.png" alt=" " width="800" height="450"></a></p> <p>Master AI Anomaly Detection: The Definitive Guide – flowchart deteksi anomali yang detail!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fii3x4gqqf18xdt06fvv6.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fii3x4gqqf18xdt06fvv6.png" alt=" " width="560" height="315"></a></p> <p>Cloud Computing And Ai Powered Anomaly Detection – guide visual yang komprehensif!</p> <h4> 10.2.2 Teknik Machine Learning untuk Evaluasi </h4> <ul> <li> <strong>10.2.2.1 Supervised Learning untuk Evaluasi</strong>: Regresi prediksi waktu load.</li> <li> <strong>10.2.2.2 Unsupervised Learning untuk Evaluasi</strong>: Clustering error log.</li> <li> <strong>10.2.2.3 Reinforcement Learning untuk Evaluasi</strong>: Optimasi parameter sistem.</li> <li> <strong>10.2.2.4 Deep Learning Applications</strong>: CNN analisis performa image-based.</li> </ul> <h4> 10.2.3 Implementasi ML dalam Evaluasi </h4> <ul> <li> <strong>10.2.3.1 Data Preparation untuk ML</strong>: Clean log data.</li> <li> <strong>10.2.3.2 Model Training dan Validation</strong>: Pakai cross-validation.</li> <li> <strong>10.2.3.3 Deployment dan Monitoring</strong>: Di Kubernetes dengan MLflow.</li> <li> <strong>10.2.3.4 Model Drift Detection</strong>: Deteksi kalau model ML evaluasi outdated.</li> </ul> <h4> 10.2.4 Automated Evaluation Systems </h4> <ul> <li> <strong>10.2.4.1 AutoML untuk Evaluasi</strong>: Google AutoML buat model evaluasi otomatis.</li> <li> <strong>10.2.4.2 Intelligent Monitoring Systems</strong>: Splunk dengan AI.</li> <li> <strong>10.2.4.3 Predictive Maintenance</strong>: Ramal kegagalan hardware.</li> </ul> <h4> 10.2.5 Studi Kasus: ML dalam Evaluasi Sistem </h4> <ul> <li> <strong>10.2.5.1 Evaluasi Sistem dengan Predictive Analytics</strong>: Bank ramal fraud.</li> <li> <strong>10.2.5.2 Evaluasi Otomatis dengan ML</strong>: Grading tugas mahasiswa.</li> <li> <strong>10.2.5.3 Pembelajaran dari Implementasi</strong>: Kasus predictive maintenance di manufaktur.</li> </ul> <h3> 10.3 Integrasi Framework DevOps dan SRE dalam Evaluasi </h3> <p>DevOps &amp; SRE bikin evaluasi "agile dan reliable" seperti tim olimpiade yang latihan terus.</p> <h4> 10.3.1 Konsep DevOps dan Site Reliability Engineering (SRE) </h4> <ul> <li> <strong>10.3.1.1 Prinsip DevOps</strong>: Collaboration, automation, continuous delivery.</li> <li> <strong>10.3.1.2 SRE Practices</strong>: SLO (Service Level Objectives), error budgets.</li> <li> <strong>10.3.1.3 Peran Evaluasi dalam DevOps/SRE</strong>: Integrasi monitoring di pipeline.</li> </ul> <h4> 10.3.2 Praktik Evaluasi dalam DevOps </h4> <ul> <li> <strong>10.3.2.1 Automated Testing</strong>: Unit/integration di CI/CD.</li> <li> <strong>10.3.2.2 Continuous Monitoring</strong>: Alerting untuk metrik kritis.</li> <li> <strong>10.3.2.3 Feedback Loops</strong>: User metrics feed back ke dev team.</li> <li> <strong>10.3.2.4 Chaos Engineering</strong>: Test kegagalan sengaja untuk evaluasi resilience.</li> </ul> <p>Contoh: Amazon DevOps – evaluasi continuous kurangi downtime 75%.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F13l4r5d9q4gxijh1rfgs.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F13l4r5d9q4gxijh1rfgs.png" alt=" " width="800" height="490"></a></p> <p>What is Devops lifecycle? 8 phases of devops – diagram infinity loop klasik!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fm12oecrq323qc75xnfw3.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fm12oecrq323qc75xnfw3.png" alt=" " width="768" height="576"></a></p> <p>Blue DevOps Infinity Loop Diagram – visual optimasi proses!</p> <h4> 10.3.3 Tools untuk Evaluasi dalam DevOps </h4> <ul> <li> <strong>10.3.3.1 Monitoring Tools (Prometheus, Grafana)</strong>: Dashboard metrik real-time.</li> <li> <strong>10.3.3.2 Testing Automation Tools</strong>: Selenium, JUnit.</li> <li> <strong>10.3.3.3 Analytics Platforms</strong>: ELK Stack.</li> <li> <strong>10.3.3.4 Observability Tools</strong>: Jaeger untuk tracing.</li> </ul> <h4> 10.3.4 Studi Kasus: Integrasi DevOps dalam Evaluasi </h4> <ul> <li> <strong>10.3.4.1 Implementasi Continuous Evaluation</strong>: Google SRE model.</li> <li> <strong>10.3.4.2 Evaluasi dalam CI/CD Pipeline</strong>: GitLab pipelines.</li> <li> <strong>10.3.4.3 Pembelajaran dari Implementasi</strong>: Agility tingkatkan time-to-market.</li> </ul> <h3> 10.4 Tren Teknologi dalam Evaluasi Sistem </h3> <p>Teknologi baru ubah evaluasi jadi "sci-fi"!</p> <h4> 10.4.1 Evaluasi Sistem Berbasis Cloud </h4> <ul> <li> <strong>10.4.1.1 Tantangan Evaluasi Cloud Systems</strong>: Variabilitas skalabilitas.</li> <li> <strong>10.4.1.2 Metodologi Evaluasi Cloud</strong>: Benchmark multi-provider.</li> <li> <strong>10.4.1.3 Tools untuk Evaluasi Cloud</strong>: AWS CloudWatch.</li> <li> <strong>10.4.1.4 Multi-cloud Evaluation Strategies</strong>: Hybrid monitoring tools.</li> </ul> <h4> 10.4.2 Evaluasi Sistem Terdistribusi </h4> <ul> <li> <strong>10.4.2.1 Tantangan</strong>: Konsistensi data antar node.</li> <li> <strong>10.4.2.2 Metodologi</strong>: Distributed logging.</li> <li> <strong>10.4.2.3 Tools</strong>: Apache Kafka.</li> <li> <strong>10.4.2.4 Microservices Evaluation</strong>: Istio service mesh.</li> </ul> <h4> 10.4.3 Evaluasi Sistem Real-time </h4> <ul> <li> <strong>10.4.3.1 Tantangan</strong>: Low latency requirement.</li> <li> <strong>10.4.3.2 Metodologi</strong>: Time-series metrics.</li> <li> <strong>10.4.3.3 Tools</strong>: InfluxDB.</li> <li> <strong>10.4.3.4 Stream Processing Evaluation</strong>: Apache Flink.</li> </ul> <h4> 10.4.4 Evaluasi Emerging Technologies </h4> <ul> <li> <strong>10.4.4.1 Blockchain Systems Evaluation</strong>: TPS (transactions per second).</li> <li> <strong>10.4.4.2 Quantum Computing Systems Evaluation</strong>: Qubit error rates.</li> <li> <strong>10.4.4.3 Edge Computing Evaluation</strong>: Latency vs cloud.</li> <li> <strong>10.4.4.4 5G Network Systems Evaluation</strong>: Bandwidth throughput.</li> </ul> <p>Contoh: Evaluasi blockchain untuk fintech – metrik security vs speed.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fncmsc7egliym2gcu02i0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fncmsc7egliym2gcu02i0.png" alt=" " width="800" height="450"></a></p> <p>4 Trends in Emerging Tech That Will Transform Value Creation – infographic tren 2025!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fltnwouv4ommvqzpzwfux.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fltnwouv4ommvqzpzwfux.png" alt=" " width="800" height="450"></a></p> <p>Gartner Hype Cycle™ for Emerging Technologies – prediksi teknologi masa depan!</p> <h4> 10.4.5 Studi Kasus: Evaluasi Sistem dengan Teknologi Terkini </h4> <ul> <li> <strong>10.4.5.1 Evaluasi Sistem Blockchain</strong>: Supply chain transparency.</li> <li> <strong>10.4.5.2 Evaluasi Quantum Computing</strong>: Simulasi molekul.</li> <li> <strong>10.4.5.3 Pembelajaran dari Implementasi</strong>: Hybrid cloud-quantum approach.</li> </ul> <h3> 10.5 Sustainable IT dan Green Computing Evaluation </h3> <p>Evaluasi masa depan harus ukur "jejak karbon" sistem!</p> <h4> 10.5.1 Konsep Sustainable IT </h4> <ul> <li> <strong>10.5.1.1 Environmental Impact of IT Systems</strong>: Data center konsumsi listrik seperti kota.</li> <li> <strong>10.5.1.2 Carbon Footprint Measurement</strong>: Hitung emisi CO2 dari server.</li> <li> <strong>10.5.1.3 Green IT Principles</strong>: Efisiensi energi, recycle hardware.</li> </ul> <h4> 10.5.2 Evaluasi Green Computing </h4> <ul> <li> <strong>10.5.2.1 Energy Efficiency Metrics</strong>: PUE (Power Usage Effectiveness).</li> <li> <strong>10.5.2.2 E-waste Management Evaluation</strong>: Recycling metrics.</li> <li> <strong>10.5.2.3 Sustainable Software Engineering</strong>: Code hemat energi.</li> </ul> <h4> 10.5.3 ESG (Environmental, Social, Governance) Compliance </h4> <ul> <li> <strong>10.5.3.1 ESG Reporting for IT Systems</strong>: Annual green report.</li> <li> <strong>10.5.3.2 Sustainability KPIs</strong>: Carbon reduction target.</li> <li> <strong>10.5.3.3 Green IT Certifications</strong>: LEED for data centers.</li> </ul> <h4> 10.5.4 Studi Kasus: Sustainable IT Evaluation </h4> <p>Kasus Microsoft Azure – evaluasi zero-carbon data center.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3pfjtmp9r175to999mje.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3pfjtmp9r175to999mje.png" alt=" " width="800" height="404"></a></p> <p>Green computing / green IT vector illustration – konsep hijau dengan ikon sustainable!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpsvi5bhdxi50pbjoaf96.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpsvi5bhdxi50pbjoaf96.png" alt=" " width="800" height="418"></a></p> <p>Green Computing: Paving the Way for A Sustainable Tech Future – ilustrasi praktik hijau!</p> <h3> 10.6 Masa Depan Profesi Evaluasi Sistem </h3> <p>Evaluator masa depan adalah "strategist AI"!</p> <h4> 10.6.1 Evolusi Peran Evaluator </h4> <ul> <li> <strong>10.6.1.1 Dari Teknis ke Strategis</strong>: Advisor C-level.</li> <li> <strong>10.6.1.2 Integrasi dengan Disiplin Lain</strong>: Kolaborasi dengan ethicist.</li> <li> <strong>10.6.1.3 Keterampilan Masa Depan</strong>: Quantum literacy, AI ethics.</li> <li> <strong>10.6.1.4 New Job Roles dalam Evaluasi</strong>: Sustainability Evaluator.</li> </ul> <h4> 10.6.2 Pendidikan dan Pelatihan Evaluasi Sistem </h4> <ul> <li> <strong>10.6.2.1 Kurikulum Evaluasi Sistem</strong>: Sertakan VR dan AI sim.</li> <li> <strong>10.6.2.2 Metode Pembelajaran Inovatif</strong>: Gamification.</li> <li> <strong>10.6.2.3 Sertifikasi dan Akreditasi</strong>: Certified AI Evaluator.</li> <li> <strong>10.6.2.4 Lifelong Learning Pathways</strong>: MOOCs seperti Coursera.</li> </ul> <h4> 10.6.3 Komunitas dan Kolaborasi </h4> <ul> <li> <strong>10.6.3.1 Jaringan Profesional</strong>: IEEE groups.</li> <li> <strong>10.6.3.2 Kolaborasi Internasional</strong>: Konferensi ICIS.</li> <li> <strong>10.6.3.3 Open Source dan Pengetahuan Bersama</strong>: GitHub evaluasi tools.</li> <li> <strong>10.6.3.4 Research and Innovation Networks</strong>: ResearchGate.</li> </ul> <h4> 10.6.4 Visi Masa Depan Evaluasi Sistem </h4> <ul> <li> <strong>10.6.4.1 Prediksi untuk 10 Tahun Mendatang</strong>: Evaluasi metaverse.</li> <li> <strong>10.6.4.2 Dampak pada Industri dan Masyarakat</strong>: Lebih inklusif.</li> <li> <strong>10.6.4.3 Etika dan Tanggung Jawab Sosial</strong>: Fokus fairness.</li> <li> <strong>10.6.4.4 Preparing for the Future</strong>: Upskilling continuous.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8vz4pj07gtykm5fl65lf.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8vz4pj07gtykm5fl65lf.png" alt=" " width="800" height="581"></a></p> <p>Competencies for post-normal evaluation – diagram skill vital masa depan!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F78he0deytzlj2s4ta0l9.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F78he0deytzlj2s4ta0l9.png" alt=" " width="800" height="450"></a></p> <p>What is Kirkpatrick's Training Evaluation Model? – model evolusi skill!</p> <h3> 10.7 Rangkuman dan Refleksi </h3> <p><strong>10.7.1 Rangkuman bab</strong>: Tren masa depan: Adaptif, AI-driven, DevOps-integrated, tech-emerging, sustainable, evolusi profesi.<br> <strong>10.7.2 Pertanyaan refleksi</strong>: Bagaimana kamu siapkan diri untuk evaluasi quantum?<br> <strong>10.7.3 Tugas: Visi masa depan evaluasi sistem</strong>: Buat roadmap 10 tahun untuk karirmu.</p> <p>Selamat berefleksi, teman-teman! Tren masa depan ini peluang emas – dengan pemahaman ini, kamu siap jadi leader inovasi SI. Terus kolaborasi dan adaptasi! 🌟</p> <p><strong>Akhir Buku: Implementasi dan Case Study Lanjutan</strong></p> <p>— Ahmad Asroni, Praktisi &amp; Akademisi Sistem Informasi<br><br> Fokus: Tren Masa Depan, Etika, dan Inovasi Bertanggung Jawab</p> ahmadasroni38 Mon, 22 Dec 2025 09:35:35 +0000 https://forem.com/ahmadasroni38/etika-dan-tantangan-evaluasi-sistem-1l71 https://forem.com/ahmadasroni38/etika-dan-tantangan-evaluasi-sistem-1l71 <p>Halo, rekan-rekan praktisi, akademisi, dosen, dan mahasiswa yang sedang mendalami Sistem Informasi!<br><br> Selamat datang di bab paling "manusiawi" dari buku ini: <strong>Etika dan Tantangan Evaluasi</strong>. Evaluasi sistem bukan hanya soal angka dan metrik – tapi juga soal tanggung jawab moral, keadilan, dan dampak sosial. Sebagai praktisi yang telah memimpin evaluasi di proyek besar dan akademisi yang mengajar etika SI, saya selalu bilang: "Sistem hebat tanpa etika bisa jadi bencana."</p> <p>Bab ini dirancang mudah dipahami, dengan contoh sederhana sehari-hari, analogi seru, dan ilustrasi visual keren agar kamu cepat paham dan enjoy belajarnya. Yuk kita bahas etika yang bikin evaluasi tidak hanya akurat, tapi juga bertanggung jawab! 😊</p> <h3> 9.1 Bias Data dalam Evaluasi Sistem </h3> <p>Bias data adalah "kesalahan sistematis" yang bikin evaluasi tidak adil – seperti timbangan yang miring.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzy5l7wqj9ehh0h13nqt4.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzy5l7wqj9ehh0h13nqt4.png" alt=" " width="612" height="326"></a></p> <p>Ilustrasi statistical bias ini nunjukin gimana data biased bikin hasil analisis melenceng – mirip timbangan rusak!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F03ne8rmm24jw3pteq8eo.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F03ne8rmm24jw3pteq8eo.png" alt=" " width="800" height="452"></a></p> <p>Diagram cycle bias ini gambarin gimana bias masuk dari data training sampai output AI.</p> <h4> 9.1.1 Jenis-jenis Bias Data </h4> <ul> <li> <strong>Sampling Bias</strong>: Data sampel tidak representatif. Contoh: Evaluasi sistem rekrutmen hanya pakai data dari kota besar → Diskriminasi kandidat dari desa.</li> <li> <strong>Confirmation Bias</strong>: Evaluator hanya cari bukti yang dukung hipotesisnya. Contoh: "Sistem ini bagus!" → Abaikan feedback negatif.</li> <li> <strong>Anchoring Bias</strong>: Terpaku pada informasi pertama. Contoh: Nilai sistem tinggi karena demo awal bagus, abaikan performa jangka panjang.</li> <li> <strong>Availability Bias</strong>: Terpengaruh data yang mudah diingat. Contoh: Fokus pada kasus gagal spektakuler, abaikan ribuan sukses.</li> <li> <strong>Algorithmic Bias</strong>: Algoritma memperkuat bias data. Contoh: Sistem kredit AI tolak pinjaman perempuan karena data historis didominasi laki-laki.</li> </ul> <h4> 9.1.2 Deteksi Bias dalam Evaluasi </h4> <ul> <li>Teknik: Bandingkan performa antar kelompok (gender, usia, lokasi).</li> <li>Alat: Fairlearn (Python), AIF360 (IBM).</li> <li>Validasi: Cross-check dengan data eksternal.</li> </ul> <h4> 9.1.3 Mitigasi Bias Data </h4> <ul> <li>Diversifikasi data, randomisasi, bias correction (reweighting).</li> <li>Desain evaluasi adil: Pakai multiple evaluator independen.</li> </ul> <h4> 9.1.4 Studi Kasus: Bias dalam Evaluasi Sistem </h4> <p>Kasus nyata: Sistem pengenalan wajah yang akurat 99% untuk kulit terang, tapi hanya 70% untuk kulit gelap → Diskriminasi rasial.</p> <h3> 9.2 Privasi Informasi dalam Evaluasi </h3> <p>Privasi adalah hak dasar – jangan sampai evaluasi malah bocorkan data sensitif!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fym66l0zsmfixvbaxnhvh.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fym66l0zsmfixvbaxnhvh.png" alt=" " width="800" height="416"></a></p> <p>Infografis GDPR principles ini jelasin 6 prinsip utama privasi data – mudah diingat!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fakp9ydsxor21waxx56i3.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fakp9ydsxor21waxx56i3.png" alt=" " width="390" height="280"></a></p> <p>Ilustrasi isometric GDPR ini gambarin proteksi data secara visual.</p> <h4> 9.2.1 Konsep Privasi Data </h4> <ul> <li>Definisi: Kontrol individu atas data pribadinya.</li> <li>Regulasi: GDPR (Eropa), PDPA (Indonesia), CCPA (California).</li> <li>Hak: Akses, koreksi, hapus data.</li> </ul> <h4> 9.2.2 Perlindungan Data dalam Evaluasi </h4> <ul> <li>Anonimisasi (hapus identifier), pseudonimisasi (ganti nama dengan kode).</li> <li>Enkripsi, access control (role-based).</li> </ul> <h4> 9.2.3 Etika Pengumpulan Data </h4> <ul> <li>Informed consent: Jelaskan tujuan evaluasi.</li> <li>Minimisasi: Kumpul data secukupnya saja.</li> </ul> <h4> 9.2.4 Studi Kasus: Pelanggaran Privasi dalam Evaluasi </h4> <p>Kasus Cambridge Analytica: Evaluasi data Facebook tanpa consent → Manipulasi pemilu.</p> <h3> 9.3 Isu Etika dalam Pengambilan Keputusan </h3> <p>Evaluasi sering hadapi dilema: Akurat vs etis?</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2cxn3opltf8sjukj7i1x.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2cxn3opltf8sjukj7i1x.png" alt=" " width="800" height="492"></a></p> <p>Trolley problem self-driving car ini klasik dilema etika – pilih mana?</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fh1bz9jpy4t97skwqebr0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fh1bz9jpy4t97skwqebr0.png" alt=" " width="800" height="490"></a></p> <p>Storyboard ethical dilemmas ini gambarin contoh dari literatur – relatable!</p> <h4> 9.3.1 Dilema Etika dalam Evaluasi </h4> <ul> <li>Konflik kepentingan: Evaluator dibayar sponsor → Tekan hasil positif.</li> <li>Transparansi vs kerahasiaan: Publikasi hasil vs lindungi data rahasia.</li> </ul> <h4> 9.3.2 Prinsip Etika Evaluasi </h4> <ul> <li>Beneficence (bermanfaat), Non-maleficence (jangan merugikan), Justice (adil), Autonomy (hormati pilihan).</li> </ul> <h4> 9.3.3 Kerangka Kerja Pengambilan Keputusan Etis </h4> <ul> <li>Model: Identify issue → Options → Evaluate → Decide → Document.</li> </ul> <h4> 9.3.4 Studi Kasus: Keputusan Etis dalam Evaluasi </h4> <p>Kasus: Evaluasi sistem surveillance – Efisien tapi langgar privasi?</p> <h3> 9.4 Fairness dan Inclusivity dalam Evaluasi </h3> <p>Evaluasi harus inklusif – jangan diskriminasi!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl7kr3wfgrs4o6u6r9qg4.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl7kr3wfgrs4o6u6r9qg4.png" alt=" " width="800" height="490"></a></p> <p>Cycle bias and fairness ini gambarin gimana fairness jadi bagian integral AI.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fupkzdy5ipcbmpxjc9jzx.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fupkzdy5ipcbmpxjc9jzx.png" alt=" " width="800" height="450"></a></p> <p>Diagram understanding bias ini jelasin sumber bias dan fairness.</p> <h4> 9.4.1 Evaluasi yang Inklusif </h4> <ul> <li>Universal design: Aksesibel untuk disabilitas.</li> <li>Cultural sensitivity: Tes dengan pengguna beragam budaya.</li> </ul> <h4> 9.4.2 Fairness Metrics </h4> <ul> <li>Demographic Parity: Hasil sama antar kelompok.</li> <li>Equal Opportunity: Kesempatan benar sama.</li> </ul> <h4> 9.4.3 Addressing Discrimination in Systems </h4> <ul> <li>Identifikasi pattern diskriminatif → Remediasi dengan re-training.</li> </ul> <h3> 9.5 Tantangan Implementasi Evaluasi </h3> <p>Evaluasi nggak selalu mulus – ada rintangan!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkgpezzjh6s16ctwnqhw1.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkgpezzjh6s16ctwnqhw1.png" alt=" " width="288" height="175"></a></p> <p>Diagram challenges in prognostics ini gambarin obstacles teknis.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbtkxnfnw8s7k9uapqjcg.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbtkxnfnw8s7k9uapqjcg.png" alt=" " width="765" height="420"></a></p> <p>Obstacles in adaptive management ini visualisasikan hambatan.</p> <h4> 9.5.1 Tantangan Teknis </h4> <ul> <li>Kompleksitas sistem, keterbatasan data.</li> </ul> <h4> 9.5.2 Tantangan Organisasi </h4> <ul> <li>Resistensi perubahan, budget.</li> </ul> <h4> 9.5.3 Tantangan Sosial </h4> <ul> <li>Trust building dengan pengguna.</li> </ul> <h4> 9.5.4 Strategi Mengatasi </h4> <ul> <li>Change management, stakeholder engagement.</li> </ul> <h3> 9.6 Kode Etik Profesional Evaluasi Sistem </h3> <p>Evaluator harus punya integritas tinggi.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn9jqbqbot336cdo8ddg8.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn9jqbqbot336cdo8ddg8.png" alt=" " width="800" height="456"></a></p> <p>Ilustrasi purpose of code of ethics ini gambarin prinsip-prinsip utama.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fp992iekwuwny0ns4ulvw.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fp992iekwuwny0ns4ulvw.png" alt=" " width="720" height="540"></a></p> <p>Professional ethics template ini visual dan mudah dipahami.</p> <h4> 9.6.1 Standar Profesional </h4> <ul> <li>Kompetensi, integritas, tanggung jawab sosial.</li> </ul> <h4> 9.6.2 Praktik Etis </h4> <ul> <li>Objektivitas, akuntabilitas.</li> </ul> <h4> 9.6.3 Pengembangan Profesi </h4> <ul> <li>Sertifikasi, komunitas.</li> </ul> <h4> 9.6.4 Studi Kasus: Etika Profesional dalam Aksi </h4> <p>Kasus whistleblower yang laporkan bias di sistem.</p> <h3> 9.7 Rangkuman dan Latihan </h3> <p><strong>Rangkuman</strong>: Etika evaluasi adalah kompas moral – bias, privasi, fairness, dan integritas harus jadi prioritas.</p> <p><strong>Pertanyaan Diskusi</strong>:</p> <ol> <li>Apa dilema etika terbesar di evaluasi AI hari ini?</li> <li>Bagaimana mitigasi bias di proyekmu?</li> </ol> <p><strong>Case Study</strong>: Analisis kasus COMPAS (sistem prediksi kriminalitas yang biased rasial).</p> <p>Selamat berefleksi, teman-teman! Etika bukan beban, tapi fondasi sistem informasi yang bertanggung jawab. Terus praktik etis – dunia butuh evaluator seperti kalian! ⚖️✨</p> beginners datascience discuss ahmadasroni38 Fri, 19 Dec 2025 08:05:14 +0000 https://forem.com/ahmadasroni38/analisis-kualitas-dan-keamanan-sistem-informasi-435g https://forem.com/ahmadasroni38/analisis-kualitas-dan-keamanan-sistem-informasi-435g <p>Halo, rekan-rekan praktisi, akademisi, dosen, dan mahasiswa yang sedang mendalami Sistem Informasi!<br><br> Selamat datang di bab yang menjadi pondasi kuat dalam membangun sistem informasi berkualitas tinggi: <strong>Analisis Kualitas dan Keamanan</strong>. Sebagai praktisi yang telah mengimplementasikan puluhan proyek SI di perusahaan multinasional dan sebagai akademisi yang mengajar ribuan mahasiswa, saya selalu menekankan bahwa sistem informasi yang hebat bukan hanya yang "berfungsi", tapi yang <strong>handal, aman, dan memberikan nilai bisnis nyata</strong>.</p> <p>Bayangkan kamu membangun aplikasi banking online. Kalau kualitas buruk (bug banyak, lambat), pengguna kabur. Kalau keamanan lemah (mudah dihack), perusahaan rugi miliaran. Analisis kualitas dan keamanan adalah "perisai" yang melindungi investasi kita. Bab ini dirancang mudah dipahami, dengan contoh sederhana sehari-hari, analogi menyenangkan, dan ilustrasi visual keren agar kamu cepat grasp dan langsung bisa terapkan di proyek nyata.</p> <p>Yuk kita eksplor bareng – praktis untuk industri, mendalam untuk penelitian! 😊</p> <h3> 1. Analisis Kualitas Sistem Informasi: Membuat Sistem yang Handal dan Efisien </h3> <p>Kualitas sistem informasi diukur dari seberapa baik sistem memenuhi standar ISO 25010: Functionality, Reliability, Usability, Efficiency, Maintainability, dan Portability.</p> <p>Analogi: Kayak mobil. Bukan hanya bisa jalan (functionality), tapi aman nyetir (reliability), nyaman (usability), irit bensin (efficiency), dan mudah servis (maintainability).</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F77yjnuaqc5yp8trmtfvw.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F77yjnuaqc5yp8trmtfvw.png" alt=" " width="800" height="571"></a></p> <p>Diagram Software Quality Assurance ini nunjukin elemen-elemen utama: planning, testing, review – cycle berkelanjutan untuk kualitas tinggi!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fby1m7w3dpsl2qqzp0hme.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fby1m7w3dpsl2qqzp0hme.png" alt=" " width="800" height="449"></a></p> <p>Versi lain yang fokus pada proses SQA – dari review hingga auditing.</p> <h4> Contoh Sederhana 1: Testing Pyramid untuk Kualitas Kode </h4> <p>Di proyek aplikasi inventory, kita pakai <strong>Testing Pyramid</strong>: Banyak unit test (dasar), sedikit integration test, lebih sedikit lagi UI test.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq1wpy9dbrdefzuh1eie7.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq1wpy9dbrdefzuh1eie7.png" alt=" " width="800" height="480"></a></p> <p>Testing Pyramid ini ikonik: Unit test cepat &amp; murah, UI test lambat tapi cover user experience – balance yang pas!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnm2hw2xx12up21jxh6u8.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnm2hw2xx12up21jxh6u8.png" alt=" " width="800" height="450"></a></p> <p>Versi modern dengan trophy shape – lebih realistis untuk agile.</p> <p>Manfaat: Deteksi bug dini, hemat biaya perbaikan (bug di production bisa 100x lebih mahal).</p> <h4> Contoh Sederhana 2: Usability Testing </h4> <p>Sistem absensi karyawan: Test dengan 10 pengguna nyata. Mereka kesulitan cari tombol "clock out"? Skor SUS (System Usability Scale) rendah → Redesign UI.</p> <p>Hasil: Kepuasan naik dari 60% ke 90%.</p> <h3> 2. Analisis Keamanan Sistem Informasi: Melindungi dari Ancaman </h3> <p>Keamanan berdasarkan <strong>CIA Triad</strong>: Confidentiality (rahasia), Integrity (integritas data), Availability (selalu tersedia).</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmdteon5ykpwbitjxqoei.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmdteon5ykpwbitjxqoei.png" alt=" " width="800" height="450"></a></p> <p>CIA Triad illustration ini klasik: Tiga pilar keamanan informasi – kalau satu rubuh, sistem rentan!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9oybbofgdium24ku213t.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9oybbofgdium24ku213t.png" alt=" " width="800" height="509"></a></p> <p>Versi artistik dengan ikon lock, shield, clock – mudah diingat.</p> <p>Pendekatan <strong>Defense in Depth</strong> (lapisan bawang): Physical, Network, Host, Application, Data.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4b31uo3n28e7p6g1wfwu.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4b31uo3n28e7p6g1wfwu.png" alt=" " width="800" height="613"></a></p> <p>Onion Security Model ini gambarin lapisan-lapisan proteksi – hacker harus tembus semua!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4u0k20e3qcrlazkmdztc.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4u0k20e3qcrlazkmdztc.png" alt=" " width="297" height="170"></a></p> <p>Versi layered seperti bawang – semakin dalam, semakin kritis.</p> <h4> Contoh Sederhana 1: OWASP Top 10 di Aplikasi Web </h4> <p>Di proyek e-commerce, ancaman teratas: Injection, Broken Authentication, Sensitive Data Exposure.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqhjpxi9er8ieyxskn4qn.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqhjpxi9er8ieyxskn4qn.png" alt=" " width="800" height="516"></a></p> <p>Chart OWASP Top 10 ini update – prioritas risiko di web app!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fepoo0kcgemrfahr2bp3v.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fepoo0kcgemrfahr2bp3v.png" alt=" " width="800" height="532"></a></p> <p>Versi 2025 guide – fokus pada broken access control dll.</p> <p>Mitigasi: Pakai prepared statements, HTTPS, authentication modern (OAuth).</p> <h4> Contoh Sederhana 2: Risk Matrix untuk Penilaian Ancaman </h4> <p>Identifikasi risiko: SQL Injection (likelihood high, impact high) → Prioritas utama.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqct8j898cc44uvp3pm0w.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqct8j898cc44uvp3pm0w.png" alt=" " width="800" height="466"></a></p> <p>Risk Matrix ini 5x5 grid: Likelihood vs Impact – warna merah tinggi risiko!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F39ioi00ycaog6iozluoz.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F39ioi00ycaog6iozluoz.png" alt=" " width="800" height="421"></a></p> <p>Versi IT risk register – praktis untuk dokumentasi.</p> <h3> Integrasi Kualitas &amp; Keamanan: Pendekatan Holistik </h3> <p>Kualitas dan keamanan saling terkait – sistem berkualitas tinggi otomatis lebih aman (Secure by Design).</p> <p>Di praktik saya: Selalu integrasikan Security Testing di Testing Pyramid.</p> <h3> Latihan Praktikum yang Menyenangkan! 💪 </h3> <ol> <li>Analisis kualitas aplikasi favoritmu pakai ISO 25010.</li> <li>Buat risk matrix untuk proyek SI sederhana (misal sistem presensi).</li> <li>Diskusi: Bagaimana CIA Triad diterapkan di cloud computing?</li> </ol> <p>Selamat bereksplorasi, rekan-rekan! Analisis kualitas dan keamanan adalah seni membangun sistem informasi yang tidak hanya berfungsi, tapi juga <strong>trusted dan sustainable</strong>. Dengan pemahaman ini, kamu siap menghadapi tantangan industri nyata.</p> <p>— Ahmad Asroni, Praktisi &amp; Akademisi Sistem Informasi<br><br> Spesialisasi: Evaluasi, Keamanan, dan Transformasi Digital</p> learning security softwareengineering ahmadasroni38 Thu, 18 Dec 2025 08:36:19 +0000 https://forem.com/ahmadasroni38/praktikum-keamanan-web-open-redirect-vulnerability-j5e https://forem.com/ahmadasroni38/praktikum-keamanan-web-open-redirect-vulnerability-j5e <p>Halo, teman-teman mahasiswa! Selamat datang di praktikum licik tapi seru tentang <strong>Open Redirect Vulnerability</strong> – celah yang kayak "pintu jebakan" di website! Bayangkan setelah login sukses, aplikasi redirect kamu ke halaman dashboard. Tapi kalau developer lupa validasi, hacker bisa suntikkan URL jahat, dan kamu langsung dikirim ke situs phishing palsu yang mirip banget. Kamu masukin password lagi → Akun jebol! Ini sering dipakai buat phishing karena user percaya redirect dari situs resmi. </p> <p>Open redirect nggak langsung curi data, tapi bikin phishing jauh lebih kredibel. Yuk kita bahas santai, dengan contoh gampang di Laravel/PHP, dan ilustrasi keren biar langsung ngerti!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fudlhqd0dswn9qxlakkkn.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fudlhqd0dswn9qxlakkkn.png" alt=" " width="797" height="450"></a></p> <p>Kartun "cat-phishing" ini lucu tapi nunjukin gimana open redirect dipakai buat jebak user – hacker senyum lebar! 😂</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb1svqci1i6v8bseap23t.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb1svqci1i6v8bseap23t.png" alt=" " width="800" height="533"></a></p> <p>Gambar cartoon hacker ini gambarin serangan phishing lewat open redirect – user tergoda!</p> <h3> Apa Itu Open Redirect? 🤔🔀 </h3> <p>Open redirect terjadi saat aplikasi redirect user ke URL yang dikontrol dari input (parameter GET/POST) tanpa validasi ketat. Hacker manfaatin buat kirim user ke situs jahat, sambil keliatan dari situs asli.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9opx8mfhcjd2f97xoyp3.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9opx8mfhcjd2f97xoyp3.png" alt=" " width="800" height="447"></a></p> <p>Attack flow phishing ini jelas banget: User klik link trusted → Redirect ke fake site → Masukin credential!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F90ap2mu5xj9ic47zhd0e.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F90ap2mu5xj9ic47zhd0e.png" alt=" " width="800" height="480"></a></p> <p>Scheme open redirection ini simpel tapi efektif – dari situs legit ke evil.com!</p> <h3> Contoh 1: Redirect Setelah Login (Klasik Banget!) </h3> <p>Kode rentan:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="k">public</span> <span class="k">function</span> <span class="n">login</span><span class="p">(</span><span class="kt">Request</span> <span class="nv">$request</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// ... login logic</span> <span class="nv">$redirect</span> <span class="o">=</span> <span class="nv">$request</span><span class="o">-&gt;</span><span class="nf">input</span><span class="p">(</span><span class="s1">'return_url'</span><span class="p">,</span> <span class="s1">'/dashboard'</span><span class="p">);</span> <span class="k">return</span> <span class="nf">redirect</span><span class="p">(</span><span class="nv">$redirect</span><span class="p">);</span> <span class="c1">// Langsung redirect tanpa cek!</span> <span class="p">}</span> </code></pre> </div> <p>URL normal: /login?return_url=/dashboard → Aman.</p> <p>URL jahat: /login?return_url=<a href="https://fakebank.com" rel="noopener noreferrer">https://fakebank.com</a> → Setelah login, user dikirim ke phishing site!</p> <h3> Contoh 2: Logout atau OAuth Redirect </h3> <p>/logout?next=<a href="https://evil.com" rel="noopener noreferrer">https://evil.com</a> → User logout, langsung ke situs jahat.</p> <p>Atau di OAuth: /oauth/callback?redirect_uri=<a href="https://attacker.com" rel="noopener noreferrer">https://attacker.com</a> → Curi code/token.</p> <h3> Contoh 3: Share Link atau Email Confirmation </h3> <p>Link email: <a href="https://situs.com/confirm?redirect=https://malicious.com" rel="noopener noreferrer">https://situs.com/confirm?redirect=https://malicious.com</a></p> <p>User klik, confirm, terus redirect ke jahat – percaya banget karena dari email resmi!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdx5rljzjt39utpo46fop.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdx5rljzjt39utpo46fop.png" alt=" " width="800" height="533"></a></p> <p>Diagram complete guide ini detail nunjukin gimana open redirect dipakai buat phishing &amp; token theft!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb3hdgmbm55czmfp8tk55.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb3hdgmbm55czmfp8tk55.png" alt=" " width="800" height="418"></a></p> <p>Understanding Open Redirection Attack ini gambarin proses lengkap – user nggak sadar!</p> <h3> Contoh 4: Kombinasi dengan XSS atau Open Redirect Chain </h3> <p>Kalau ada XSS, hacker suntik link open redirect → Lebih berbahaya.</p> <h3> Cara Mencegah Open Redirect (Mudah &amp; Efektif!) 🛡️✨ </h3> <ol> <li> <strong>Whitelist URL yang Diizinkan</strong> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="nv">$allowed</span> <span class="o">=</span> <span class="p">[</span><span class="s1">'/dashboard'</span><span class="p">,</span> <span class="s1">'/profile'</span><span class="p">,</span> <span class="nf">url</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">previous</span><span class="p">()];</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="nb">in_array</span><span class="p">(</span><span class="nv">$redirect</span><span class="p">,</span> <span class="nv">$allowed</span><span class="p">))</span> <span class="nv">$redirect</span> <span class="o">=</span> <span class="s1">'/dashboard'</span><span class="p">;</span> </code></pre> </div> <ol> <li><p><strong>Cek Domain Sama (Relative Path Only)</strong><br> Pakai <code>url()-&gt;previous()</code> atau force internal.</p></li> <li><p><strong>Pakai Signed Redirect (Laravel punya!)</strong><br> </p></li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="k">return</span> <span class="nf">redirect</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">signedRoute</span><span class="p">(</span><span class="s1">'dashboard'</span><span class="p">);</span> <span class="c1">// Otomatis validasi signature</span> </code></pre> </div> <ol> <li> <strong>Validasi Strict</strong> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="nc">Str</span><span class="o">::</span><span class="nf">startsWith</span><span class="p">(</span><span class="nv">$url</span><span class="p">,</span> <span class="nf">url</span><span class="p">(</span><span class="s1">'/'</span><span class="p">)))</span> <span class="nf">abort</span><span class="p">(</span><span class="mi">400</span><span class="p">);</span> <span class="c1">// Harus mulai dari domain sendiri</span> </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7ijyicbcwzvi1nwknqbb.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7ijyicbcwzvi1nwknqbb.png" alt=" " width="800" height="654"></a></p> <p>Diagram prevention dari Microsoft ini nunjukin proses secure redirect – validasi dulu baru redirect!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3ip3744pwgdal4tcjqx3.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3ip3744pwgdal4tcjqx3.png" alt=" " width="800" height="417"></a></p> <p>Identifying Open Redirection ini bagian dari best practices – whitelist &amp; check!</p> <h3> Latihan Seru Buat Kamu! 💪🔥 </h3> <ol> <li>Buat login dengan redirect rentan, test phishing link.</li> <li>Kirim link jahat ke temen (di lab ya!), lihat dia percaya nggak.</li> <li>Tambahin whitelist/signed route, test lagi (harusnya aman!).</li> <li>Coba di labs seperti PortSwigger Open Redirect.</li> </ol> <p>Selamat praktikum, guys! Open Redirect ini vulnerability "sederhana tapi jahat" yang bikin phishing sukses besar, tapi dengan validasi &amp; whitelist, website kamu anti-phishing total 🎣🔒 Jadi developer yang bikin user aman dari jebakan! Ingat: <strong>Selalu validasi redirect URL!</strong> Keep coding safely and have fun! 🎉🔀</p> tutorial security laravel php ahmadasroni38 Thu, 18 Dec 2025 08:30:41 +0000 https://forem.com/ahmadasroni38/praktikum-keamanan-web-brute-force-attack-rate-limiting-5ejm https://forem.com/ahmadasroni38/praktikum-keamanan-web-brute-force-attack-rate-limiting-5ejm <p>Halo, teman-teman mahasiswa! Selamat datang di praktikum seru tentang <strong>Brute Force Attack</strong> – serangan klasik yang kayak "coba-coba semua kunci sampai pintu kebuka"! Hacker pakai script otomatis buat tebak password ribuan kali per detik di form login. Kalau password lemah (misal "123456"), akun langsung jebol. Tapi tenang, kita punya senjata ampuh: <strong>Rate Limiting</strong> – kayak satpam yang bilang "Cukup! Tunggu dulu kalau terlalu sering salah!" </p> <p>Ini vulnerability umum banget di login, API, atau form sensitif. Yuk kita pelajari bareng, santai tapi powerful, dengan contoh gampang di Laravel!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj45qgnkiovk6tredwc3h.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj45qgnkiovk6tredwc3h.png" alt=" " width="800" height="501"></a></p> <p>Ilustrasi hacker lagi brute force ini nunjukin ribuan percobaan password – capek banget kalau manual! 😂</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpas9mcb960qlcuu0mijp.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpas9mcb960qlcuu0mijp.png" alt=" " width="800" height="432"></a></p> <p>Gambar robot AI cracking password ini mind-blowing – brute force modern pakai AI!</p> <h3> Apa Itu Brute Force Attack? 🤖🔓 </h3> <p>Brute force adalah serangan "kasar" yang coba semua kombinasi password sampai benar.</p> <p>Jenisnya:</p> <ol> <li> <strong>Pure Brute Force</strong>: Coba semua karakter (aaaa, aaab, ... zzzz) – lambat banget!</li> <li> <strong>Dictionary Attack</strong>: Pakai daftar kata umum (password123, admin, dll) – cepat kalau password lemah.</li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fw6gxw5033e0m8k3chs5k.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fw6gxw5033e0m8k3chs5k.png" alt=" " width="739" height="569"></a></p> <p>Visual dictionary attack ini jelas banget: Hacker pakai list kata umum buat tebak cepat!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fakkfcn2io2wjoct8uagj.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fakkfcn2io2wjoct8uagj.png" alt=" " width="800" height="527"></a></p> <p>Tabel password cracking time 2025 ini serem – password pendek jebol dalam detik!</p> <h3> Contoh 1: Brute Force Login Sederhana </h3> <p>Kode login rentan (tanpa limit):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="k">if</span> <span class="p">(</span><span class="nv">$request</span><span class="o">-&gt;</span><span class="n">password</span> <span class="o">===</span> <span class="nv">$user</span><span class="o">-&gt;</span><span class="n">password</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Login sukses</span> <span class="p">}</span> </code></pre> </div> <p>Hacker pakai tool seperti Hydra atau script Python:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">for</span> <span class="n">password</span> <span class="ow">in</span> <span class="n">dictionary</span><span class="p">:</span> <span class="nf">post</span><span class="p">(</span><span class="sh">'</span><span class="s">/login</span><span class="sh">'</span><span class="p">,</span> <span class="p">{</span><span class="sh">'</span><span class="s">email</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">victim@email.com</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">password</span><span class="sh">'</span><span class="p">:</span> <span class="n">password</span><span class="p">})</span> </code></pre> </div> <p>Kalau dictionary punya 10.000 kata, coba semua dalam detik!</p> <h3> Contoh 2: Credential Stuffing </h3> <p>Pakai username:password bocoran dari breach lain (misal dari LinkedIn hack).</p> <h3> Contoh 3: API Endpoint Tanpa Limit </h3> <p>Hacker flood request ke /api/login – server down (DoS bonus).</p> <h3> Rate Limiting: Si Penjaga Pintu! 🛡️⏱️ </h3> <p>Rate limiting batasi berapa kali request dari satu IP/user dalam waktu tertentu.</p> <p>Contoh: Maksimal 5 attempt login per menit per IP.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdn1moqjtxjpgw3he5x19.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdn1moqjtxjpgw3he5x19.png" alt=" " width="800" height="418"></a></p> <p>Diagram sliding window rate limiting ini keren – batas request bergeser waktu!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5gzmhhlgwmtk4zlbulkx.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5gzmhhlgwmtk4zlbulkx.png" alt=" " width="800" height="480"></a></p> <p>Ilustrasi API rate limiting ini nunjukin barrier yang blokir flood request!</p> <h3> Cara Implementasi di Laravel (Super Gampang!) </h3> <p>Laravel punya <strong>Throttle Middleware</strong> built-in!</p> <p>Di Route:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="nc">Route</span><span class="o">::</span><span class="nf">post</span><span class="p">(</span><span class="s1">'/login'</span><span class="p">,</span> <span class="p">[</span><span class="nc">LoginController</span><span class="o">::</span><span class="n">class</span><span class="p">,</span> <span class="s1">'login'</span><span class="p">])</span> <span class="o">-&gt;</span><span class="nf">middleware</span><span class="p">(</span><span class="s1">'throttle:5,1'</span><span class="p">);</span> <span class="c1">// 5 attempt per 1 menit</span> </code></pre> </div> <p>Atau custom:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="o">-&gt;</span><span class="nf">middleware</span><span class="p">(</span><span class="s1">'throttle:60,1'</span><span class="p">);</span> <span class="c1">// 60 request per menit (buat API)</span> </code></pre> </div> <p>Kalau exceed: "Too Many Attempts" otomatis!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj3c63wgcvmmyutp9ahgw.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj3c63wgcvmmyutp9ahgw.png" alt=" " width="800" height="603"></a></p> <p>Contoh Laravel throttle message ini persis yang muncul kalau kebanyakan attempt!</p> <h3> Bonus: Kombinasi dengan Pencegahan Lain </h3> <ul> <li>Hash password kuat (bcrypt/argon2).</li> <li>CAPTCHA setelah 3 gagal.</li> <li>Account lockout sementara.</li> <li>Monitor login failed.</li> </ul> <h3> Latihan Seru Buat Kamu! 💪🔥 </h3> <ol> <li>Buat login rentan, brute force pakai script sederhana (curl loop).</li> <li>Tambahin throttle middleware, test lagi (harusnya blokir!).</li> <li>Custom rate limit beda buat login vs API.</li> <li>Coba di labs seperti PortSwigger Brute Force.</li> </ol> <p>Selamat praktikum, guys! Brute Force ini serangan "bodoh tapi efektif" kalau nggak dicegah, tapi dengan Rate Limiting Laravel, akun kamu aman kayak brankas bank 💰🔒 Jadi developer yang anti-brute dari awal! Ingat: <strong>Batasi attempt, selamatkan password!</strong> Keep coding safely and have fun! 🎉🚫</p> tutorial security laravel php ahmadasroni38 Thu, 18 Dec 2025 08:23:02 +0000 https://forem.com/ahmadasroni38/praktikum-keamanan-web-server-side-request-forgery-ssrf-1077 https://forem.com/ahmadasroni38/praktikum-keamanan-web-server-side-request-forgery-ssrf-1077 <p>Halo, teman-teman mahasiswa! Selamat datang di praktikum super misterius tentang <strong>Server-Side Request Forgery</strong> atau <strong>SSRF</strong> – vulnerability yang bikin hacker kayak detektif siluman! Bayangkan aplikasi web kamu punya fitur fetch data dari URL lain (misal preview link, import gambar, atau cek webhook). Kalau nggak dijaga, hacker bisa "paksa" server kamu request ke tempat terlarang: internal network, metadata cloud (AWS/GCP/Azure), atau bahkan localhost! Hasilnya? Baca file rahasia, scan port internal, atau ambil credential cloud. Kayak server kamu jadi boneka hacker tanpa sadar. </p> <p>SSRF sering dipakai buat serangan advanced di cloud environment. Yuk kita eksplor bareng, santai tapi mind-blowing, dengan contoh sederhana di PHP/Laravel!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fc58w6v04p86mlm82ky8r.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fc58w6v04p86mlm82ky8r.png" alt=" " width="800" height="567"></a></p> <p>Kartun hacker lagi manfaatin SSRF ini lucu tapi nunjukin betapa liciknya – server dipaksa request ke internal! 😂</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9e6do0j0we5w3swr4fbd.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9e6do0j0we5w3swr4fbd.png" alt=" " width="299" height="168"></a></p> <p>Diagram klasik dari PortSwigger ini gambarin alur SSRF secara jelas – attacker → server → target terlarang!</p> <h3> Apa Itu SSRF? 🤔🔍 </h3> <p>SSRF terjadi saat server melakukan request ke URL yang dikontrol user tanpa validasi ketat. Server "percaya" input user dan fetch ke mana saja, termasuk:</p> <ul> <li>Internal IP (127.0.0.1, 192.168.x.x, 10.x.x.x)</li> <li>Metadata service cloud (<a href="http://169.254.169.254" rel="noopener noreferrer">http://169.254.169.254</a> di AWS)</li> <li>Local files (file:///etc/passwd)</li> </ul> <p>Dampak: Port scanning, data leakage, RCE kalau chain dengan vuln lain.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3sva5ya5vo62zjcoi9ed.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3sva5ya5vo62zjcoi9ed.png" alt=" " width="800" height="510"></a></p> <p>Ilustrasi update ini detail banget: Hacker paksa server request ke internal services!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2xlwye7wbdi55q60zgr8.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2xlwye7wbdi55q60zgr8.png" alt=" " width="800" height="539"></a></p> <p>Flowchart exploit SSRF ini step-by-step – dari input user sampai akses internal!</p> <h3> Contoh 1: Preview Link atau Gambar (Klasik SSRF!) </h3> <p>Kode rentan:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="nv">$url</span> <span class="o">=</span> <span class="nv">$request</span><span class="o">-&gt;</span><span class="nf">input</span><span class="p">(</span><span class="s1">'url'</span><span class="p">);</span> <span class="nv">$content</span> <span class="o">=</span> <span class="nb">file_get_contents</span><span class="p">(</span><span class="nv">$url</span><span class="p">);</span> <span class="c1">// Langsung fetch tanpa cek!</span> <span class="k">echo</span> <span class="nv">$content</span><span class="p">;</span> </code></pre> </div> <p>Input normal: <a href="https://example.com/image.jpg" rel="noopener noreferrer">https://example.com/image.jpg</a> → Tampil gambar.</p> <p>Input jahat: <a href="http://127.0.0.1:8080/admin" rel="noopener noreferrer">http://127.0.0.1:8080/admin</a> → Tampil halaman admin internal!</p> <p>Atau <a href="http://localhost/server-status" rel="noopener noreferrer">http://localhost/server-status</a> → Lihat info Apache internal.</p> <h3> Contoh 2: Akses Metadata Cloud (Bahaya di AWS/Azure/GCP!) </h3> <p>URL jahat: <a href="http://169.254.169.254/latest/meta-data/iam/security-credentials/role-name" rel="noopener noreferrer">http://169.254.169.254/latest/meta-data/iam/security-credentials/role-name</a></p> <p>Server fetch → Dapat AWS credentials temporary! Hacker ambil alih akun cloud.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F98rmr4h5gjdhz81djyry.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F98rmr4h5gjdhz81djyry.png" alt=" " width="695" height="461"></a></p> <p>Contoh real di Azure services – SSRF buat akses internal!</p> <h3> Contoh 3: Port Scanning Internal </h3> <p>Input: <a href="http://192.168.1.1:22" rel="noopener noreferrer">http://192.168.1.1:22</a> → Kalau response beda (timeout vs connected), hacker tahu port open!</p> <p>Atau bypass filter dengan: <a href="http://2130706433:80" rel="noopener noreferrer">http://2130706433:80</a> (IP decimal untuk 127.0.0.1)</p> <h3> Contoh 4: Baca File Local </h3> <p>Kalau allow file:// protocol: file:///etc/passwd → Tampil isi file server!</p> <h3> Cara Mencegah SSRF (Best Practices Keren!) 🛡️✨ </h3> <ol> <li> <strong>Whitelist Domain yang Diizinkan</strong> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="nv">$allowed</span> <span class="o">=</span> <span class="p">[</span><span class="s1">'example.com'</span><span class="p">,</span> <span class="s1">'api.public.com'</span><span class="p">];</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="nb">in_array</span><span class="p">(</span><span class="nb">parse_url</span><span class="p">(</span><span class="nv">$url</span><span class="p">,</span> <span class="kc">PHP_URL_HOST</span><span class="p">),</span> <span class="nv">$allowed</span><span class="p">))</span> <span class="nf">abort</span><span class="p">(</span><span class="mi">403</span><span class="p">);</span> </code></pre> </div> <ol> <li><p><strong>Blacklist Internal IP</strong><br> Cek kalau IP private (127.<em>, 10.</em>, 192.168.<em>, 172.16-31.</em>) → Blokir!</p></li> <li><p><strong>Disable Redirect &amp; Non-HTTP Protocol</strong><br> Pakai Guzzle dengan opsi:<br> </p></li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="nv">$client</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">\GuzzleHttp\Client</span><span class="p">([</span><span class="s1">'allow_redirects'</span> <span class="o">=&gt;</span> <span class="kc">false</span><span class="p">,</span> <span class="s1">'protocols'</span> <span class="o">=&gt;</span> <span class="p">[</span><span class="s1">'http'</span><span class="p">,</span> <span class="s1">'https'</span><span class="p">]]);</span> </code></pre> </div> <ol> <li> <strong>Validasi &amp; Sanitasi URL Ketat</strong> Pakai library seperti <code>league/uri</code> untuk parse aman.</li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3iuupekkgeitl5ydx2dv.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3iuupekkgeitl5ydx2dv.png" alt=" " width="575" height="471"></a></p> <p>OWASP common flow prevention – whitelist &amp; blacklist adalah kunci!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fau4xc3hvd1meg16eg4cl.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fau4xc3hvd1meg16eg4cl.png" alt=" " width="800" height="450"></a></p> <p>Infografis Akamai ini nunjukin cara cegah SSRF secara visual!</p> <h3> Latihan Seru Buat Kamu! 💪🔥 </h3> <ol> <li>Buat fitur preview URL rentan, test akses localhost.</li> <li>Coba metadata AWS (di lab seperti PortSwigger).</li> <li>Tambahin whitelist, test bypass (decimal IP, dll).</li> <li>Implementasikan secure fetch dengan Guzzle.</li> </ol> <p>Selamat praktikum, guys! SSRF ini vulnerability "ninja" yang diam-diam kuat, terutama di cloud – tapi dengan whitelist &amp; validasi, server kamu aman kayak benteng tak terlihat 🔒🌐 Jadi developer yang aware cloud security dari sekarang! Ingat: <strong>Never trust user-provided URLs!</strong> Keep coding safely and have fun! 🎉🕵️‍♂️</p> tutorial webdev security php ahmadasroni38 Thu, 18 Dec 2025 08:17:28 +0000 https://forem.com/ahmadasroni38/praktikum-keamanan-web-file-upload-vulnerability-37aa https://forem.com/ahmadasroni38/praktikum-keamanan-web-file-upload-vulnerability-37aa <p>Halo, teman-teman mahasiswa! Selamat datang di praktikum super seru dan penting tentang <strong>File Upload Vulnerability</strong> – salah satu celah keamanan yang paling sering dieksploitasi hacker untuk ambil alih server! Bayangkan kamu punya fitur upload foto profil atau dokumen di website. Kalau nggak dijaga ketat, hacker bisa upload file jahat seperti <strong>web shell</strong> (script PHP nakal) yang bisa jalankan command di server: baca file rahasia (.env), hapus data, atau bahkan kontrol total server. Kayak kasih remote control ke orang asing! </p> <p>Ini sering masuk OWASP Top 10 karena gampang banget dieksploitasi. Yuk kita bahas santai, dengan contoh sederhana di PHP/Laravel, kode mudah dicoba di localhost, dan ilustrasi keren biar langsung paham. Siap jadi hacker etis? 😎</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhs298zoa5cahesd676u8.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhs298zoa5cahesd676u8.png" alt=" " width="768" height="549"></a></p> <p>Ilustrasi hacker lagi upload malicious file ini nunjukin bahayanya – dari form biasa jadi web shell!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7hdekmizd58ym1cepppo.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7hdekmizd58ym1cepppo.png" alt=" " width="800" height="450"></a></p> <p>Gambar Intigriti ini keren banget gambarin proses file upload vulnerabilities!</p> <h3> Apa Itu File Upload Vulnerability? 🤔 </h3> <p>Ini terjadi saat aplikasi nggak validasi file upload dengan benar: tipe file, ukuran, nama, isi, atau lokasi penyimpanan. Hacker manfaatin buat upload executable file (PHP, JSP, dll) yang bisa dieksekusi server.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq47c4w20nhdpvdqmcz6q.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq47c4w20nhdpvdqmcz6q.png" alt=" " width="800" height="480"></a></p> <p>Diagram step-by-step ini jelasin alur serangan: upload → bypass → execute shell!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F24a3nr4x1f17h522u1a0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F24a3nr4x1f17h522u1a0.png" alt=" " width="800" height="480"></a></p> <p>Visual lain yang detail banget nunjukin variasi exploit!</p> <h3> Contoh 1: Upload Web Shell Sederhana (Klasik!) 🐚 </h3> <p>Kode rentan (PHP sederhana):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="k">if</span><span class="p">(</span><span class="k">isset</span><span class="p">(</span><span class="nv">$_FILES</span><span class="p">[</span><span class="s1">'file'</span><span class="p">]))</span> <span class="p">{</span> <span class="nv">$file</span> <span class="o">=</span> <span class="nv">$_FILES</span><span class="p">[</span><span class="s1">'file'</span><span class="p">];</span> <span class="nb">move_uploaded_file</span><span class="p">(</span><span class="nv">$file</span><span class="p">[</span><span class="s1">'tmp_name'</span><span class="p">],</span> <span class="s1">'uploads/'</span> <span class="mf">.</span> <span class="nv">$file</span><span class="p">[</span><span class="s1">'name'</span><span class="p">]);</span> <span class="c1">// Langsung simpan nama asli!</span> <span class="p">}</span> </code></pre> </div> <p>Hacker upload file <code>shell.php</code> dengan isi:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="nb">system</span><span class="p">(</span><span class="nv">$_GET</span><span class="p">[</span><span class="s1">'cmd'</span><span class="p">]);</span> <span class="cp">?&gt;</span> // Jalankan command dari URL </code></pre> </div> <p>Akses: <code>uploads/shell.php?cmd=whoami</code> → Dapat info server!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmf9qd57czxqfvo2up5l1.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmf9qd57czxqfvo2up5l1.png" alt=" " width="800" height="450"></a></p> <p>Contoh web shell upload – hacker eksekusi command seenaknya!</p> <h3> Contoh 2: Bypass Extension (Tricky!) </h3> <p>Validasi lemah: Cek hanya extension <code>.jpg</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="k">if</span><span class="p">(</span><span class="nb">pathinfo</span><span class="p">(</span><span class="nv">$filename</span><span class="p">,</span> <span class="no">PATHINFO_EXTENSION</span><span class="p">)</span> <span class="o">!==</span> <span class="s1">'jpg'</span><span class="p">)</span> <span class="k">die</span><span class="p">(</span><span class="s1">'Invalid!'</span><span class="p">);</span> </code></pre> </div> <p>Hacker upload <code>shell.php.jpg</code> atau <code>shell.jpg.php</code> (kalau Apache config salah).</p> <p>Atau polyglot file: File valid image tapi isi PHP di awal (GIF89a; &lt;?php ... ?&gt;).</p> <h3> Contoh 3: Null Byte Injection (Old but Gold) </h3> <p>Di PHP lama: <code>shell.php%00.jpg</code> → %00 potong string, jadi simpan sebagai <code>shell.php</code>.</p> <h3> Contoh 4: Overwrite File Penting </h3> <p>Simpan dengan nama asli → Upload <code>.htaccess</code> atau overwrite config.</p> <h3> Cara Mencegah File Upload (Best Practices Keren!) 🛡️✨ </h3> <ol> <li> <strong>Validasi Ketat MIME Type &amp; Extension Whitelist</strong> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="nv">$request</span><span class="o">-&gt;</span><span class="nf">validate</span><span class="p">([</span> <span class="s1">'file'</span> <span class="o">=&gt;</span> <span class="s1">'required|mimes:jpg,png,pdf|max:2048'</span> <span class="c1">// Max 2MB</span> <span class="p">]);</span> </code></pre> </div> <ol> <li> <strong>Rename File Unik</strong> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="nv">$filename</span> <span class="o">=</span> <span class="nc">Str</span><span class="o">::</span><span class="nf">uuid</span><span class="p">()</span> <span class="mf">.</span> <span class="s1">'.'</span> <span class="mf">.</span> <span class="nv">$file</span><span class="o">-&gt;</span><span class="nf">getClientOriginalExtension</span><span class="p">();</span> </code></pre> </div> <ol> <li><p><strong>Simpan di Private Storage, Bukan Public</strong><br> Pakai <code>storage/app/private</code>, serve lewat controller (cek auth).</p></li> <li><p><strong>Verifikasi Isi File (Bukan Cuma Extension)</strong><br> Pakai library seperti Intervention Image untuk cek benar image.</p></li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F68fjreppx9yrqu7ptmiy.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F68fjreppx9yrqu7ptmiy.png" alt=" " width="800" height="418"></a></p> <p>Infografis best practices ini lengkap: validation, unique name, private storage!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0qvj87a7f0a76cmvt3mv.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0qvj87a7f0a76cmvt3mv.png" alt=" " width="800" height="418"></a></p> <p>Checklist prevention ini dari expert – wajib diikuti!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fohc3usliigmdudfbt9rh.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fohc3usliigmdudfbt9rh.png" alt=" " width="750" height="422"></a></p> <p>Contoh secure upload flow – aman total!</p> <h3> Latihan Seru Buat Kamu! 💪🔥 </h3> <ol> <li>Buat form upload rentan, upload shell.php, eksekusi command.</li> <li>Tambahin bypass extension, test polyglot.</li> <li>Perbaiki dengan validasi Laravel, rename, private storage.</li> <li>Coba di labs seperti PortSwigger File Upload.</li> </ol> <p>Selamat praktikum, guys! File Upload Vulnerability ini pintu masuk favorit hacker buat RCE, tapi dengan validasi ketat &amp; storage aman, website kamu jadi anti-bullet 🔒💪 Jadi developer yang secure minded dari sekarang! Ingat: <strong>Never trust uploaded files!</strong> Keep coding safely and have fun! 🎉📁</p> tutorial security laravel php ahmadasroni38 Thu, 18 Dec 2025 08:12:07 +0000 https://forem.com/ahmadasroni38/praktikum-keamanan-web-broken-access-control-insecure-direct-object-reference-idor-51i4 https://forem.com/ahmadasroni38/praktikum-keamanan-web-broken-access-control-insecure-direct-object-reference-idor-51i4 <p>Halo, teman-teman mahasiswa! Selamat datang di praktikum super penting tentang <strong>Broken Access Control</strong> – vulnerability nomor 1 di OWASP Top 10 tahun 2025! Ini termasuk <strong>Insecure Direct Object Reference (IDOR)</strong>, yang kayak pintu samping rumah yang lupa dikunci. Bayangkan kamu login sebagai user biasa, tapi cuma ganti angka di URL (misal /profile/123 jadi /profile/456), terus langsung bisa lihat atau edit data orang lain: profile, invoice, foto pribadi, bahkan delete akun! Serem banget kan? Hacker bisa curi data massal tanpa perlu password.</p> <p>Ini beda dari authentication (yang cek "siapa kamu"), tapi authorization (yang cek "boleh nggak kamu akses ini?"). Yuk kita pelajari bareng, santai tapi seru, dengan contoh Laravel gampang dicoba di localhost!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F40ipk248zf2v4jf12iqc.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F40ipk248zf2v4jf12iqc.png" alt=" " width="800" height="420"></a></p> <p>Kartun hacker lagi eksploitasi IDOR ini lucu tapi nunjukin bahayanya – ganti ID doang, data orang lain kebuka! 😂</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foepuaj0nampp5n8a687p.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foepuaj0nampp5n8a687p.png" alt=" " width="781" height="461"></a></p> <p>Ilustrasi SVG keren ini gambarin konsep Broken Access Control secara visual – user biasa nyelonong ke area terlarang!</p> <h3> Apa Itu Broken Access Control &amp; IDOR? 🤔 </h3> <p>Broken Access Control terjadi saat aplikasi nggak cek hak akses dengan benar. IDOR adalah jenis paling umum: Aplikasi pakai reference langsung (seperti ID di database) tanpa verifikasi ownership.</p> <p>Contoh sederhana: URL <code>/user/5/edit</code> → Kalau nggak dicek, user ID 10 bisa edit user ID 5.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fngggmw535ouur9pj0w40.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fngggmw535ouur9pj0w40.png" alt=" " width="800" height="456"></a></p> <p>Diagram attack IDOR ini jelas banget: Attacker ganti reference object langsung, bypass authorization!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvnwhtx6ke8uwvljb0z03.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvnwhtx6ke8uwvljb0z03.png" alt=" " width="800" height="450"></a></p> <p>Flowchart serangan IDOR ini step-by-step – dari request normal sampai exploit ganti ID!</p> <h3> Contoh 1: Lihat Profile Orang Lain (Klasik IDOR!) 👀 </h3> <p>Controller rentan:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="k">public</span> <span class="k">function</span> <span class="n">show</span><span class="p">(</span><span class="nv">$id</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$user</span> <span class="o">=</span> <span class="nc">User</span><span class="o">::</span><span class="nf">findOrFail</span><span class="p">(</span><span class="nv">$id</span><span class="p">);</span> <span class="c1">// Ambil user berdasarkan ID tanpa cek!</span> <span class="k">return</span> <span class="nf">view</span><span class="p">(</span><span class="s1">'profile.show'</span><span class="p">,</span> <span class="nb">compact</span><span class="p">(</span><span class="s1">'user'</span><span class="p">));</span> <span class="p">}</span> </code></pre> </div> <p>Route: <code>Route::get('/profile/{id}', [ProfileController::class, 'show']);</code></p> <p>Kamu login sebagai user ID 10, buka <code>/profile/10</code> → Aman.</p> <p>Hacker ganti jadi <code>/profile/11</code> → Langsung lihat data user lain: email, nomor HP, alamat!</p> <h3> Contoh 2: Edit atau Delete Data Orang Lain 🖊️🗑️ </h3> <p>Controller rentan:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="k">public</span> <span class="k">function</span> <span class="n">update</span><span class="p">(</span><span class="kt">Request</span> <span class="nv">$request</span><span class="p">,</span> <span class="nv">$id</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$user</span> <span class="o">=</span> <span class="nc">User</span><span class="o">::</span><span class="nf">findOrFail</span><span class="p">(</span><span class="nv">$id</span><span class="p">);</span> <span class="nv">$user</span><span class="o">-&gt;</span><span class="nf">update</span><span class="p">(</span><span class="nv">$request</span><span class="o">-&gt;</span><span class="nf">all</span><span class="p">());</span> <span class="c1">// Update tanpa cek ownership</span> <span class="p">}</span> </code></pre> </div> <p>Hacker kirim POST ke <code>/user/999/update</code> dengan data jahat → Ubah email/password user lain.</p> <p>Atau delete: <code>User::findOrFail($id)-&gt;delete();</code> → Hapus akun orang!</p> <h3> Contoh 3: Akses Invoice atau Order di E-Commerce 🧾 </h3> <p>URL: <code>/invoice/12345</code></p> <p>User biasa ganti angka sequentially (12345, 12346, ...) → Download semua invoice customer lain. Bisa curi data kartu kredit atau alamat!</p> <h3> Contoh 4: Admin Panel Tanpa Cek Role 👑 </h3> <p>Controller:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="k">public</span> <span class="k">function</span> <span class="n">dashboard</span><span class="p">()</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="nf">auth</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">check</span><span class="p">())</span> <span class="nf">abort</span><span class="p">(</span><span class="mi">403</span><span class="p">);</span> <span class="c1">// Hanya cek login, nggak cek role!</span> <span class="k">return</span> <span class="nf">view</span><span class="p">(</span><span class="s1">'admin.dashboard'</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>User biasa akses <code>/admin/dashboard</code> → Lihat semua data sensitif.</p> <h3> Cara Mencegah di Laravel (Super Mudah &amp; Keren!) 🛡️✨ </h3> <p>Laravel punya tools pro: <strong>Policy</strong>, <strong>Gate</strong>, <strong>Middleware</strong>, dan <code>$this-&gt;authorize()</code>.</p> <ol> <li> <strong>Pakai Policy (Rekomendasi untuk Model!)</strong> Buat policy: <code>php artisan make:policy UserPolicy --model=User</code> </li> </ol> <p>Di UserPolicy.php:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="k">public</span> <span class="k">function</span> <span class="n">view</span><span class="p">(</span><span class="kt">User</span> <span class="nv">$authUser</span><span class="p">,</span> <span class="kt">User</span> <span class="nv">$targetUser</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nv">$authUser</span><span class="o">-&gt;</span><span class="n">id</span> <span class="o">===</span> <span class="nv">$targetUser</span><span class="o">-&gt;</span><span class="n">id</span><span class="p">;</span> <span class="c1">// Hanya boleh lihat milik sendiri</span> <span class="p">}</span> <span class="k">public</span> <span class="k">function</span> <span class="n">update</span><span class="p">(</span><span class="kt">User</span> <span class="nv">$authUser</span><span class="p">,</span> <span class="kt">User</span> <span class="nv">$targetUser</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nv">$authUser</span><span class="o">-&gt;</span><span class="n">id</span> <span class="o">===</span> <span class="nv">$targetUser</span><span class="o">-&gt;</span><span class="n">id</span> <span class="o">||</span> <span class="nv">$authUser</span><span class="o">-&gt;</span><span class="n">is_admin</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>Di Controller:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="k">public</span> <span class="k">function</span> <span class="n">show</span><span class="p">(</span><span class="kt">User</span> <span class="nv">$user</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Route Model Binding</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">authorize</span><span class="p">(</span><span class="s1">'view'</span><span class="p">,</span> <span class="nv">$user</span><span class="p">);</span> <span class="c1">// Otomatis cek policy!</span> <span class="k">return</span> <span class="nf">view</span><span class="p">(</span><span class="s1">'profile.show'</span><span class="p">,</span> <span class="nb">compact</span><span class="p">(</span><span class="s1">'user'</span><span class="p">));</span> <span class="p">}</span> </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fak6nr7susva62mp4g1j1.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fak6nr7susva62mp4g1j1.png" alt=" " width="512" height="375"></a></p> <p>Gambar ini nunjukin cara prevent Broken Access Control di Laravel – pakai policy &amp; gate!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7wj7s9guq460ti987etd.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7wj7s9guq460ti987etd.png" alt=" " width="549" height="358"></a></p> <p>Contoh kode Laravel secure dengan authorization – langsung aman!</p> <ol> <li> <strong>Manual Check (Simple)</strong> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="k">if</span> <span class="p">(</span><span class="nf">auth</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">id</span><span class="p">()</span> <span class="o">!==</span> <span class="nv">$user</span><span class="o">-&gt;</span><span class="n">id</span><span class="p">)</span> <span class="nf">abort</span><span class="p">(</span><span class="mi">403</span><span class="p">);</span> </code></pre> </div> <ol> <li> <strong>Middleware untuk Admin</strong> Buat middleware <code>admin</code>, apply ke route group.</li> </ol> <h3> Latihan Seru Buat Kamu! 💪🔥 </h3> <ol> <li>Buat profile viewer rentan, test IDOR dengan ganti ID di URL.</li> <li>Tambahin policy, test lagi (harusnya 403 Forbidden!).</li> <li>Buat fitur invoice, exploit sequential ID.</li> <li>Implementasikan Gate untuk admin-only feature.</li> </ol> <p>Selamat praktikum, guys! Broken Access Control/IDOR ini vulnerability "pintu samping" yang sering terlupakan, tapi dengan Laravel Policy &amp; authorize, aplikasi kamu aman kayak benteng kerajaan 👑🔒 Jadi developer yang pro security dari sekarang! Ingat: <strong>Selalu cek ownership &amp; role sebelum akses data!</strong> Keep coding safely and have fun! 🎉🐘</p> tutorial security laravel php ahmadasroni38 Thu, 18 Dec 2025 07:55:52 +0000 https://forem.com/ahmadasroni38/praktikum-keamanan-web-mass-assignment-vulnerability-fmh https://forem.com/ahmadasroni38/praktikum-keamanan-web-mass-assignment-vulnerability-fmh <p>Halo, teman-teman mahasiswa! Selamat datang di praktikum seru tentang <strong>Mass Assignment</strong> – vulnerability yang sering disebut "silent killer" di aplikasi modern, terutama yang pakai framework seperti Laravel, Ruby on Rails, atau Node.js. Bayangkan kamu lagi isi form registrasi biasa: nama, email, password. Tapi kalau developer lupa proteksi, hacker bisa "nyelipkan" field rahasia seperti "is_admin = true" dan langsung jadi admin! Kayak kasih kunci rumah ke orang asing tanpa sadar. </p> <p>Ini bukan serangan rumit kayak SQLi atau XSS, tapi super berbahaya karena gampang dieksploitasi lewat form atau API. Yuk kita bahas santai, dengan contoh Laravel (paling populer di PHP), kode mudah dicoba, dan ilustrasi keren biar langsung paham! 🚀</p> <p>Ilustrasi klasik ini nunjukin gimana mass assignment "mengisi massal" field yang seharusnya dilindungi – hacker senang banget!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8ti944ld1lwlh0sphsl8.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8ti944ld1lwlh0sphsl8.png" alt=" " width="800" height="450"></a></p> <p>Kartun hacker lagi eksploitasi mass assignment – jangan ditiru, ini buat belajar aja! 😂</p> <h3> Apa Itu Mass Assignment? 🤔 </h3> <p>Mass Assignment adalah fitur keren di ORM (Object-Relational Mapping) seperti Eloquent di Laravel yang memungkinkan isi banyak field model sekaligus dari array input (misal dari form atau request API).</p> <p>Contoh normal &amp; berguna:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="nc">User</span><span class="o">::</span><span class="nf">create</span><span class="p">(</span><span class="nv">$request</span><span class="o">-&gt;</span><span class="nf">all</span><span class="p">());</span> <span class="c1">// Isi semua field dari input</span> </code></pre> </div> <p>Tapi kalau nggak ada proteksi, semua field di tabel database bisa diisi user – termasuk yang sensitif seperti <code>is_admin</code>, <code>role</code>, <code>balance</code>, dll.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8ikr2nteyt5smmdno8wc.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8ikr2nteyt5smmdno8wc.png" alt=" " width="664" height="450"></a></p> <p>Diagram sederhana ini gambarin proses mass assignment – dari request sampai database keisi data tak terduga!</p> <h3> Contoh 1: Registrasi User Jadi Admin Gratis! 👑 </h3> <p>Model User tanpa proteksi:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="kd">class</span> <span class="nc">User</span> <span class="kd">extends</span> <span class="nc">Model</span> <span class="p">{</span> <span class="c1">// Kosong! Semua field boleh diisi massal</span> <span class="p">}</span> </code></pre> </div> <p>Controller rentan:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="k">public</span> <span class="k">function</span> <span class="n">register</span><span class="p">(</span><span class="kt">Request</span> <span class="nv">$request</span><span class="p">)</span> <span class="p">{</span> <span class="nc">User</span><span class="o">::</span><span class="nf">create</span><span class="p">(</span><span class="nv">$request</span><span class="o">-&gt;</span><span class="nf">all</span><span class="p">());</span> <span class="k">return</span> <span class="s2">"Registrasi sukses!"</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>Form normal: name, email, password.</p> <p>Hacker tambahin di request (pakai Burp Suite atau Postman):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Hacker"</span><span class="p">,</span><span class="w"> </span><span class="nl">"email"</span><span class="p">:</span><span class="w"> </span><span class="s2">"hack@evil.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"password"</span><span class="p">:</span><span class="w"> </span><span class="s2">"123"</span><span class="p">,</span><span class="w"> </span><span class="nl">"is_admin"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Boom! User baru langsung jadi admin. Bisa hapus data, ubah apa saja!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg608od7e8v39v9l0z064.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg608od7e8v39v9l0z064.png" alt=" " width="800" height="450"></a></p> <p>Visual in-depth ini nunjukin serangan mass assignment di Laravel – hacker ubah role seenaknya!</p> <h3> Contoh 2: Ubah Role di Update Profile </h3> <p>Controller update rentan:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="k">public</span> <span class="k">function</span> <span class="n">update</span><span class="p">(</span><span class="kt">Request</span> <span class="nv">$request</span><span class="p">,</span> <span class="kt">User</span> <span class="nv">$user</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$user</span><span class="o">-&gt;</span><span class="nf">update</span><span class="p">(</span><span class="nv">$request</span><span class="o">-&gt;</span><span class="nf">all</span><span class="p">());</span> <span class="p">}</span> </code></pre> </div> <p>Hacker kirim: "role" =&gt; "superadmin" → Akun biasa jadi superadmin.</p> <h3> Contoh 3: Kasus Nyata (GitHub 2012) </h3> <p>Dulu Ruby on Rails kena mass assignment, hacker bisa buat akun admin di GitHub. Untung cepet ditambal!</p> <h3> Cara Mencegah Mass Assignment di Laravel (Wajib!) 🛡️✨ </h3> <p>Laravel punya dua cara keren:</p> <ol> <li> <strong>$fillable</strong> (Whitelist – Rekomendasi!) </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="kd">class</span> <span class="nc">User</span> <span class="kd">extends</span> <span class="nc">Model</span> <span class="p">{</span> <span class="k">protected</span> <span class="nv">$fillable</span> <span class="o">=</span> <span class="p">[</span><span class="s1">'name'</span><span class="p">,</span> <span class="s1">'email'</span><span class="p">,</span> <span class="s1">'password'</span><span class="p">];</span> <span class="c1">// Hanya ini boleh diisi massal</span> <span class="p">}</span> </code></pre> </div> <ol> <li> <strong>$guarded</strong> (Blacklist) </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="kd">class</span> <span class="nc">User</span> <span class="kd">extends</span> <span class="nc">Model</span> <span class="p">{</span> <span class="k">protected</span> <span class="nv">$guarded</span> <span class="o">=</span> <span class="p">[</span><span class="s1">'is_admin'</span><span class="p">,</span> <span class="s1">'role'</span><span class="p">];</span> <span class="c1">// Ini dilarang diisi massal</span> <span class="c1">// Atau $guarded = []; // Larang semua (paling aman, isi manual)</span> <span class="p">}</span> </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6lbj1n7e34ch1q1fjpns.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6lbj1n7e34ch1q1fjpns.png" alt=" " width="720" height="540"></a></p> <p>Ilustrasi fillable vs guarded ini bikin langsung paham perbedaannya – pakai fillable biar aman!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhk3m2nlmbbb9drbyce24.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhk3m2nlmbbb9drbyce24.png" alt=" " width="686" height="386"></a></p> <p>Visual lain yang jelasin proteksi di Laravel – bookmark ya!</p> <h3> Bonus: Best Practices </h3> <ul> <li>Selalu pakai <code>$fillable</code> atau <code>$guarded</code>.</li> <li>Validasi input terpisah (<code>$request-&gt;validate()</code>).</li> <li>Untuk API, cek field manual kalau perlu.</li> <li>Jangan pernah biarin model kosong tanpa proteksi!</li> </ul> <h3> Latihan Seru Buat Kamu! 💪🔥 </h3> <ol> <li>Buat project Laravel sederhana dengan registrasi rentan, test jadi admin pakai Postman.</li> <li>Tambahin <code>$fillable</code>, test lagi (harusnya gagal!).</li> <li>Coba update profile dengan field sensitif.</li> <li>Diskusi: Kenapa mass assignment sering terlupakan pemula?</li> </ol> <p>Selamat praktikum, guys! Mass Assignment ini vulnerability "diam" tapi fatal, tapi dengan <code>$fillable</code> atau <code>$guarded</code>, aplikasi Laravel kamu aman kayak benteng 🔥 Jadi developer yang aware security dari awal! Ingat: <strong>Selalu kontrol apa yang boleh diisi massal!</strong> Keep coding safely and have fun! 🎉🔐🐘</p> tutorial security laravel php ahmadasroni38 Thu, 18 Dec 2025 07:45:20 +0000 https://forem.com/ahmadasroni38/praktikum-keamanan-web-cross-site-request-forgery-csrf-10jb https://forem.com/ahmadasroni38/praktikum-keamanan-web-cross-site-request-forgery-csrf-10jb <p>Halo, teman-teman mahasiswa! Selamat datang di praktikum keren tentang <strong>Cross-Site Request Forgery</strong> atau <strong>CSRF</strong> – salah satu serangan web yang licik banget! Bayangkan kamu lagi login di bank online, terus buka tab lain ke situs jahat. Tanpa sadar, situs jahat itu bisa "paksa" browser kamu kirim request ke bank buat transfer uang ke hacker – padahal kamu nggak klik apa-apa! Serem kan? Ini karena browser otomatis kirim cookie autentikasi kalau request dari situs lain.</p> <p>CSRF kayak "pemalsuan permintaan" dari situs lain, manfaatin kepercayaan browser ke cookie session. Yuk kita pelajari bareng, santai tapi seru, dengan contoh gampang dan ilustrasi visual!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy071cl0cvkt8ey9efwsk.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy071cl0cvkt8ey9efwsk.png" alt=" " width="800" height="472"></a></p> <p>Ilustrasi klasik ini nunjukin alur serangan CSRF – victim tergoda klik atau buka situs jahat, terus request jahat dikirim otomatis!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn1yeebo4rzio20g0xel4.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn1yeebo4rzio20g0xel4.png" alt=" " width="656" height="448"></a></p> <p>Diagram sederhana ini gambarin gimana hacker "nyamar" pakai session victim – super jelas!</p> <h3> Apa Itu CSRF? 🤔 </h3> <p>CSRF adalah serangan di mana situs jahat memaksa browser user yang sudah login ke situs target untuk melakukan aksi tidak diinginkan (transfer uang, ubah password, delete akun, dll).</p> <p>Syarat utama:</p> <ul> <li>User sudah login (ada cookie session valid).</li> <li>Aksi penting pakai method GET atau POST tanpa proteksi.</li> <li>Browser otomatis kirim cookie ke domain asal.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F08zofpl0d6zq3gt8ueoa.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F08zofpl0d6zq3gt8ueoa.png" alt=" " width="299" height="168"></a></p> <p>Flowchart detail ini dari PortSwigger – langkah demi langkah serangan CSRF, langsung paham!</p> <h3> Contoh 1: Transfer Uang di Bank Online (Klasik Banget!) 💸 </h3> <p>Situs bank rentan: Form transfer pakai GET.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>http://bank.com/transfer?jumlah=1000000&amp;rekening_tujuan=12345678 </code></pre> </div> <p>Hacker buat situs jahat:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="nt">&lt;img</span> <span class="na">src=</span><span class="s">"http://bank.com/transfer?jumlah=5000000&amp;rekening_tujuan=hacker123"</span> <span class="na">width=</span><span class="s">"1"</span> <span class="na">height=</span><span class="s">"1"</span><span class="nt">&gt;</span> </code></pre> </div> <p>Victim yang sudah login bank buka situs jahat → Browser load gambar, otomatis kirim request transfer ke hacker! Uang hilang tanpa victim sadar.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3ryn6xf1x29lyo41f3sc.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3ryn6xf1x29lyo41f3sc.png" alt=" " width="800" height="472"></a></p> <p>Contoh bank transfer ini persis gambarin bahaya CSRF – duit lenyap diam-diam!</p> <h3> Contoh 2: Ubah Email di Profile (POST Attack) </h3> <p>Form rentan (POST tanpa proteksi):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="nt">&lt;form</span> <span class="na">action=</span><span class="s">"/ubah-email"</span> <span class="na">method=</span><span class="s">"POST"</span><span class="nt">&gt;</span> <span class="nt">&lt;input</span> <span class="na">name=</span><span class="s">"email"</span> <span class="na">value=</span><span class="s">"baru@email.com"</span><span class="nt">&gt;</span> <span class="nt">&lt;button&gt;</span>Simpan<span class="nt">&lt;/button&gt;</span> <span class="nt">&lt;/form&gt;</span> </code></pre> </div> <p>Situs jahat:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="nt">&lt;form</span> <span class="na">action=</span><span class="s">"http://situs.com/ubah-email"</span> <span class="na">method=</span><span class="s">"POST"</span> <span class="na">id=</span><span class="s">"jahat"</span><span class="nt">&gt;</span> <span class="nt">&lt;input</span> <span class="na">type=</span><span class="s">"hidden"</span> <span class="na">name=</span><span class="s">"email"</span> <span class="na">value=</span><span class="s">"hacker@evil.com"</span><span class="nt">&gt;</span> <span class="nt">&lt;/form&gt;</span> <span class="nt">&lt;script&gt;</span><span class="nb">document</span><span class="p">.</span><span class="nf">getElementById</span><span class="p">(</span><span class="dl">'</span><span class="s1">jahat</span><span class="dl">'</span><span class="p">).</span><span class="nf">submit</span><span class="p">();</span><span class="nt">&lt;/script&gt;</span> </code></pre> </div> <p>Victim buka → Form otomatis submit, email diganti jadi milik hacker!</p> <h3> Contoh 3: Like atau Delete Post di Sosmed </h3> <p>Kalau like pakai GET: ?post_id=123&amp;action=like → Hacker bisa buat img tag buat auto-like atau delete.</p> <h3> Cara Mencegah CSRF (Super Efektif!) 🔐✨ </h3> <ol> <li> <strong>Gunakan CSRF Token</strong> (Yang Paling Umum &amp; Kuat) <ul> <li>Server generate token unik per session/form.</li> <li>Token dikirim di form (hidden input) atau header.</li> <li>Server cek token sebelum proses request.</li> </ul> </li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn3esh8vdbdal1szh3jcf.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn3esh8vdbdal1szh3jcf.png" alt=" " width="800" height="418"></a></p> <p>Diagram ini nunjukin gimana CSRF token blokir serangan – situs jahat nggak punya token valid!</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7zhc92gbbe9vg4mmmvx0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7zhc92gbbe9vg4mmmvx0.png" alt=" " width="800" height="589"></a></p> <p>Visual proteksi token ini bikin langsung ngerti kenapa aman!</p> <ol> <li><p><strong>SameSite Cookie</strong>: Set cookie dengan SameSite=Lax atau Strict → Browser nggak kirim cookie ke request cross-site.</p></li> <li><p><strong>Gunakan POST untuk aksi penting</strong>, bukan GET.</p></li> <li><p><strong>Double Submit Cookie</strong> atau framework built-in (Laravel, Django otomatis proteksi).</p></li> </ol> <h3> Bonus: CSRF vs XSS 🆚 </h3> <p>CSRF manfaatin kepercayaan ke cookie, XSS suntik script.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F71wcjrk9c7w3n4wo2uqn.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F71wcjrk9c7w3n4wo2uqn.png" alt=" " width="778" height="585"></a></p> <p>Comparison ini jelasin bedanya – dua musuh berbeda tapi sama bahayanya!</p> <h3> Latihan Seru Buat Kamu! 💪🔥 </h3> <ol> <li>Buat form transfer rentan di PHP, test CSRF pakai img tag.</li> <li>Tambahin CSRF token manual, test lagi (harusnya gagal!).</li> <li>Coba di labs seperti PortSwigger Web Security Academy (ada lab CSRF gratis).</li> <li>Diskusi: Kenapa banyak bank pakai token + OTP ekstra?</li> </ol> <p>Selamat praktikum, guys! CSRF ini serangan "diam-diam" yang licik, tapi dengan token, website kamu aman kayak brankas bank 💰 Jadi developer yang aware security dari sekarang! Ingat: <strong>Selalu proteksi aksi state-changing!</strong> Keep coding safely and have fun! 🎉🔐</p> tutorial beginners webdev security