Developing an Open-Source, User-Friendly, OWASP-Compliant Architecture for Healthcare Web Application Testing
Murgia Y.; Giacomini M.
2024-01-01
Abstract
Nowadays, web applications are fundamental in the healthcare sector. However, with the widespread use of this technology, risks related to cybersecurity attacks also increase. To mitigate this phenomenon, every 3-4 years, the nonprofit foundation Open Worldwide Application Security Project (OWASP) compiles a top 10 ranking of the most critical web application security risks. Along with the top 10 Web Application Security Risks, OWASP also provides the Web Security Testing Guide, which offers comprehensive guidelines for conducting security tests. This guide includes suggestions for specific tools to use when performing different tests, among other valuable insights. However, the use of these recommended tools can be costly and can require advanced technical skills and a deep understanding of security best practices and web technologies. In addition, since the OWASP work on web security is generic, it would be useful to restrict and adapt it to the healthcare area. This would help in reducing the overhead when dealing with the needed tools. The goal of this study is to make web application security assessment in healthcare more accessible by developing tools that simplify the process and make it user-friendly. Before developing such tools, an in-depth feasibility study must be conducted to verify the existence of open-source libraries to carry out the necessary testing procedures. It will also be necessary to identify how tools could be simplified and enhanced when focusing on healthcare.

File | Type | Access | Size | Format |
---|---|---|---|---|
Murgia_et_al_MIE24_OWASP.pdf | Post-print document | Open access | 275.37 kB | Adobe PDF |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.