Jejak Tani
Jejak Tani is a web application for managing land ownership and harvest yields. Built as part of a Network Security course, the project focuses on security at both the application (backend) and server infrastructure levels.
Application-Level Security (Backend)
The backend is built with HonoJS and implements multiple layers of defense to mitigate common vulnerabilities:
- Password Hashing: Uses Bcrypt to hash user passwords before database insertion.
- Input Validation: Employs Zod middleware to validate data types and structures for incoming requests.
- Rate Limiting: Restricts the number of requests per IP to prevent brute-force and low-scale DoS attacks.
- CORS Policy: Restricts cross-origin browser access to the API to the official frontend domains to mitigate CSRF attacks.
- JWT & Role-Based Access Control: Implements stateless session management via JWT, restricting routes based on user access levels (e.g., admin and farmer).
- Secure File Upload: Directs media uploads to external object storage and randomizes filenames (UUID) to prevent Remote Code Execution (RCE).
Server & Network-Level Security
PM2 runs the application in the background, handling uptime and logging. Cloudflare Tunnels route all inbound traffic, so the server exposes no public ports. UFW rules permit only 127.0.0.1 (localhost). Cloudflare Zero Trust Access gates administrative web paths behind identity-aware authentication.
Throughout the course, I also applied Linux server management and hardening techniques, including:
- Enforcing strict UFW policies and configuring Fail2ban to automatically block suspicious IP addresses.
- Utilizing Tailscale for secure internal peer-to-peer VPN access.
- Deploying Squid Proxy to control and monitor outbound network traffic.
- Conducting independent port and network vulnerability assessments using tools like Nmap and Xray.
PM2 pipes application logs to the local syslog, where the Wazuh SIEM agent analyzes them in real time. Wazuh detects security anomalies (aggressive port scanning, brute-force login attempts) and dispatches incident alerts to a Telegram Security Bot.
Project Links
- GitHub Repository: Isann22/EAS-KEMJAR



