Analysis of the OWASP V4.2 Method in Hospital Information System Security Testing

Authors

  • Bajeng Nurul Widyaningrum Politeknik Bina Trada Semarang
  • Destri Maya Rani Politeknik Bina Trada Semarang
  • Lingga Kurnia Ramadhani Universitas IVET Semarang

DOI:

https://doi.org/10.59485/jtemp.v5i2.99

Keywords:

OWASP 4.2, Penetration Testing, Website Security, Hospital Information System, Cyber Security

Abstract

This research aims to identify and mitigate security vulnerabilities in a Hospital Information System (SIMRS) using a testing method based on the OWASP Web Security Testing Guide (WSTG) v4.2. With the help of the OWASP ZAP tool, various vulnerabilities were identified, such as SQL Injection, weaknesses in session management, missing security attributes on cookies, and disclosure of sensitive information through URLs or code comments. SQL Injection was rated the highest-risk vulnerability, as it potentially allows attackers to read, manipulate, or delete sensitive data in the database. In addition, weaknesses in cookie attributes such as HttpOnly and SameSite, together with the absence of an anti-CSRF mechanism, indicate potential exposure to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF). The solution implemented on the basis of WSTG v4.2 involves steps such as enforcing HTTPS encryption, using prepared statements for database interaction, applying security headers such as Content-Security-Policy (CSP), and validating input to reduce the risk of XSS. In addition, a code audit was conducted to remove sensitive comments, and hidden files or unnecessary backups were removed to minimize the potential for information leakage. Re-testing after the solution was implemented showed a significant improvement in the application's security level. This research proves that the WSTG v4.2-based approach can provide comprehensive and systematic guidance for web application security testing. With these results, organizations, particularly in the healthcare sector, can better protect patient data and comply with applicable information security standards.
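The mitigations the abstract lists (prepared statements, HttpOnly/Secure/SameSite cookie attributes, a CSP header, output escaping against XSS) can be illustrated with a small self-contained script. The following is an added example written for this page, not code from the paper or from the SIMRS it studied: it uses an in-memory SQLite table with constructed patient rows in place of the hospital database, and the function names, cookie name and header values are assumptions chosen for illustration. It places the string-concatenated query beside its parameterized form and adds two checks a tester can run against captured response headers to spot the missing cookie flags and security headers the paper reports.

```python
import html
import sqlite3

# Constructed stand-in for the SIMRS patient table (not real data).
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE patients (id INTEGER PRIMARY KEY, mrn TEXT, name TEXT)")
    conn.executemany(
        "INSERT INTO patients (mrn, name) VALUES (?, ?)",
        [("MRN-001", "Patient A"), ("MRN-002", "Patient B"), ("MRN-003", "Patient C")],
    )
    return conn

def lookup_vulnerable(conn: sqlite3.Connection, mrn: str) -> list:
    # 'Before' form: the caller's input is spliced into the SQL text, so it can
    # change the grammar of the statement instead of acting as a value.
    sql = "SELECT mrn, name FROM patients WHERE mrn = '" + mrn + "'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn: sqlite3.Connection, mrn: str) -> list:
    # Prepared statement: the input is bound as a parameter and is only ever data.
    return conn.execute("SELECT mrn, name FROM patients WHERE mrn = ?", (mrn,)).fetchall()

# Cookie hardening: the attributes the abstract lists as missing.
REQUIRED_COOKIE_FLAGS = ("HttpOnly", "Secure", "SameSite")

def session_cookie_header(session_id: str) -> str:
    # Set-Cookie value for the session; cookie name is an assumption.
    return f"sessionid={session_id}; Path=/; HttpOnly; Secure; SameSite=Strict"

def missing_cookie_flags(set_cookie_value: str) -> list:
    # Parse the attribute names after the name=value pair and report which
    # of the required flags are absent (case-insensitive, per RFC 6265).
    attrs = [part.strip().split("=")[0].lower() for part in set_cookie_value.split(";")[1:]]
    return [flag for flag in REQUIRED_COOKIE_FLAGS if flag.lower() not in attrs]

# Response headers the hardened application should send (values are assumptions).
SECURITY_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'; frame-ancestors 'none'",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
}

def missing_security_headers(response_headers: dict) -> list:
    present = {name.lower() for name in response_headers}
    return [name for name in SECURITY_HEADERS if name.lower() not in present]

def safe_render(user_text: str) -> str:
    # Output encoding for HTML context: one of the XSS input-handling controls.
    return html.escape(user_text, quote=True)

if __name__ == "__main__":
    db = build_db()
    probe = "x' OR '1'='1"  # constructed test input, not a real record
    print("vulnerable lookup returns", len(lookup_vulnerable(db, probe)), "rows")
    print("prepared lookup returns", len(lookup_safe(db, probe)), "rows")
    print("weak cookie is missing", missing_cookie_flags("sessionid=abc; Path=/"))
    print("bare response is missing", missing_security_headers({"Content-Type": "text/html"}))
```

Running the script shows the concatenated query returning every patient row for the probe string while the prepared statement returns none, and the two checks listing exactly the cookie flags and headers a bare response lacks; both checks are the kind of assertion worth adding to a post-remediation regression test so the improvement the paper reports does not silently regress.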

Published

2024-12-31

How to Cite

Widyaningrum, B. N., Maya Rani, D., & Kurnia Ramadhani, L. (2024). Analysis of the OWASP V4.2 Method in Hospital Information System Security Testing. MEDIKA TRADA, 5(2), 87–97. https://doi.org/10.59485/jtemp.v5i2.99