Journal : Telematika

Performance Analysis of the Fuzzing Method in Detecting API Vulnerabilities in Mobile Healthcare Application X Based on OWASP API Security Top 10
Authors: Hakim, Muhammad Ikhwanul; Nugroho, Radityo Adi; Nugrahadi, Dodon Turianto; Herteno, Rudy; Saputro, Setyo Wahyu
Telematika Vol 19, No 1: February (2026)
Publisher : Universitas Amikom Purwokerto

DOI: 10.35671/telematika.v19i1.3149

Abstract

Traditional perimeter security measures, such as Web Application Firewalls (WAFs) and static analysis, often fail to detect logic-based vulnerabilities in healthcare Application Programming Interfaces (APIs), creating significant risks for patient data confidentiality. Addressing the scarcity of empirical performance evaluations in this domain, this study employs a grey-box controlled experimental design to assess the effectiveness of automated HTTP fuzzing against a production-grade mobile health application ("Application X"). Using the FFUF tool configured with sequential identifier injection, status-code filtering, and hidden-field probing, the experiment tested 33 endpoints against the OWASP API Security Top 10 2023 benchmarks. To ensure data reliability, a rigorous multi-step validation protocol including replay testing and environmental noise elimination was applied to filter false positives. The results identified 88 distinct vulnerabilities distributed across six categories, with a critical dominance of Security Misconfiguration (API8) and Broken Object Property Level Authorization (API3). Analytically, the high prevalence of API3 reveals a systemic failure in backend serialization, where sensitive fields, including password hashes and internal administrative flags, were exposed due to the absence of Data Transfer Objects (DTOs), contradicting the assumption of secure client-side filtering. Limitations of this study include the restriction to a single patient-role perspective and the exclusion of third-party integrations. The study concludes that automated fuzzing is superior to static analysis in detecting runtime data leakage and recommends mandatory Server-Side Output Filtering through explicit DTOs as a critical standard for secure health API development and data privacy compliance.