Building Security Against Cross-Site Request Forgery (CSRF) Attacks

Hermansyah Putra Siregar, Tony Wijaya

Abstract


Websites are among the most widely accessed information services for internet users worldwide. As transactions conducted over the internet through website services become more widespread, security becomes an important concern. This thesis, entitled Building E-Commerce with Security Against Cross-Site Request Forgery (CSRF) Attacks, is motivated by the level of security of websites used for promotion or for online transactions. The information security of a website becomes a priority after data loss or damage occurs. Lack of awareness of the importance of information security leaves some website owners unprepared to prevent or minimize the risks that can occur. The researchers study security specifically for the development of web-based systems such as online stores and e-commerce; the goal in each case is the same, namely to provide data security guarantees for system users. This research will produce an e-commerce system that normally prevents cross-site request forgery (CSRF) attacks. Prevention can be done by encrypting the URL, because CSRF attacks more often exploit weaknesses in the URL, which is modified according to the needs of the attacker. The e-commerce system displays item details, provides a shopping basket, and displays discounted products and new products. The data security discussion focuses only on login authentication by applying MD5 encryption. To handle SQL injection problems, the author uses an anti-SQL-injection script.

Keywords


E-Commerce; E-Commerce Security; online shop; internet; Security; web


DOI: http://dx.doi.org/10.30700/.v1i1.795
