Medika Trada
Vol 5 No 2 (2024): MEDIKA TRADA (JTEMP) Vol 5 No 2 (2024)

Analysis of the OWASP V4.2 Method in Hospital Information System Security Testing

Widyaningrum, Bajeng Nurul (Unknown)
Maya Rani, Destri (Unknown)
Kurnia Ramadhani, Lingga (Unknown)



Article Info

Publish Date
31 Dec 2024

Abstract

This research aims to identify and mitigate security vulnerabilities in the Hospital Information System (SIMRS) using a testing method based on the OWASP Web Security Testing Guide (WSTG) v4.2. With the help of the OWASP ZAP tool, various vulnerabilities were identified, including SQL Injection, weaknesses in session management, missing security attributes on cookies, and disclosure of sensitive information through URLs or code comments. SQL Injection was identified as the highest-risk vulnerability, as it potentially allows attackers to access, manipulate, or delete sensitive data in the database. In addition, missing cookie attributes such as HttpOnly and SameSite, together with the absence of an anti-CSRF mechanism, indicate potential exposure to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF). The implementation of a solution based on WSTG v4.2 involves steps such as enforcing HTTPS encryption, using prepared statements for database interaction, applying security headers such as Content-Security-Policy (CSP), and validating input to reduce the risk of XSS. In addition, code audits were conducted to remove sensitive comments, and hidden files or unnecessary backups were removed to minimize the potential for information leakage. Test results after implementing the solution showed a significant improvement in the security level of the application. This research proves that the WSTG v4.2-based approach can provide comprehensive and systematic guidance for web application security testing. With these results, organizations, particularly in the healthcare sector, can ensure better protection of patient data and comply with applicable information security standards.
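As an added illustration (not code from the paper or from the SIMRS under test), two of the remediations the abstract names, sketched in Python: the prepared-statement fix for SQL Injection shown beside the string-built query it replaces, and a check for the cookie attributes whose absence the WSTG session-management tests flag. The patient table and Set-Cookie headers are constructed sample data; the Secure flag is included as an assumption alongside the HttpOnly and SameSite attributes the abstract names.

```python
import sqlite3

# Constructed sample data standing in for a patient lookup table.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE patient (mrn TEXT, name TEXT)")
    conn.executemany("INSERT INTO patient VALUES (?, ?)",
                     [("MRN-001", "Patient A"), ("MRN-002", "Patient B")])
    return conn

def lookup_vulnerable(conn, mrn):
    # String-built query: the caller's input becomes part of the SQL text,
    # so a quote in the input changes the query's meaning (the finding).
    sql = f"SELECT name FROM patient WHERE mrn = '{mrn}'"
    return [row[0] for row in conn.execute(sql)]

def lookup_prepared(conn, mrn):
    # Prepared statement: the input is bound as a value and never parsed
    # as SQL, which is the remediation the WSTG-based solution applies.
    rows = conn.execute("SELECT name FROM patient WHERE mrn = ?", (mrn,))
    return [row[0] for row in rows]

# Attributes the session-management checks expect on a session cookie
# (Secure is an assumption added to the two the abstract names).
REQUIRED_COOKIE_FLAGS = ("HttpOnly", "SameSite", "Secure")

def missing_cookie_flags(set_cookie_header):
    # Return the required attributes absent from one Set-Cookie header value.
    attrs = [p.strip() for p in set_cookie_header.split(";")[1:]]
    present = {a.split("=", 1)[0].strip().lower() for a in attrs}
    return [f for f in REQUIRED_COOKIE_FLAGS if f.lower() not in present]
```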

Copyrights © 2024