Identification and Mitigation of Web Application Vulnerabilities in Healthcare Systems

Authors

  • Saeful Diyan Pratama, Universitas PGRI Semarang
  • Aris Tri Joko Harjanto, Universitas PGRI Semarang
  • Bambang Agus Herlambang, Universitas PGRI Semarang

Keywords:

Application Security, Cross-Site Scripting, Healthcare Systems, SQL Injection, Token Reuse

Abstract

The rapid adoption of web-based applications in healthcare systems has increased exposure to security threats, particularly at the application layer. Despite the implementation of various security mechanisms, many systems remain vulnerable due to improper input validation, weak authentication controls, and insecure database interactions. This study aims to identify, validate, and mitigate critical web application vulnerabilities in a healthcare system, focusing on nonce reuse vulnerabilities in token-based authentication mechanisms, stored cross-site scripting (XSS), and SQL injection. The research employs an empirical approach through controlled security testing, including vulnerability identification, exploitation validation, and mitigation evaluation. The results demonstrate that all identified vulnerabilities are actively exploitable, affecting authentication integrity, data confidentiality, and system reliability. Furthermore, the implementation of targeted mitigation strategies, such as token validation, input sanitization, and parameterized queries, substantially reduced the observed exploitability of the identified vulnerabilities within the tested scenarios. These findings highlight that application-layer security weaknesses remain a significant risk in healthcare systems and require systematic and integrated mitigation approaches. The study suggests that adopting secure-by-design principles and continuous security testing may improve system resilience against application-layer attacks. The implications of this research emphasize the need for proactive security practices in web-based healthcare applications to prevent exploitation and protect sensitive data from evolving cyber threats.
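The three mitigations the abstract names (token validation against nonce reuse, input/output sanitization against stored XSS, and parameterized queries against SQL injection), as an added Python example that is not the paper's own code. It assumes a constructed in-memory SQLite `patients` table, a hypothetical `NonceRegistry` with an injectable clock, and a minimal `render_note` HTML output function; none of these come from the study.

```python
import html
import secrets
import sqlite3
import time


# ---- 1. SQL injection: string-built query beside the parameterized form ----

def seed_patients():
    """Constructed in-memory sample table (not the paper's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE patients (id INTEGER PRIMARY KEY, name TEXT, diagnosis TEXT)")
    conn.executemany(
        "INSERT INTO patients (name, diagnosis) VALUES (?, ?)",
        [("Alice Example", "hypertension"), ("Pat O'Brien", "asthma")])
    return conn


def lookup_concatenated(conn, name):
    """Insecure form, kept to show the root cause: the value is spliced into
    the SQL text, so the parser reads whatever the caller typed as SQL."""
    return conn.execute(
        f"SELECT name, diagnosis FROM patients WHERE name = '{name}'").fetchall()


def lookup_parameterized(conn, name):
    """Hardened form: the statement is fixed and the driver binds the value."""
    return conn.execute(
        "SELECT name, diagnosis FROM patients WHERE name = ?", (name,)).fetchall()


def query_outcome(lookup, conn, name):
    """Return ('rows', result) or ('sql-error', message) so both forms can be
    compared on the same input without the caller handling exceptions."""
    try:
        return ("rows", lookup(conn, name))
    except sqlite3.OperationalError as exc:
        return ("sql-error", str(exc))


# ---- 2. Stored XSS: escape untrusted data at the HTML output boundary ----

def render_note(untrusted_note):
    """Stored text is data, not markup: escape it when it is emitted into HTML.
    quote=True also escapes quotes so the value is safe inside attributes."""
    return "<p>" + html.escape(untrusted_note, quote=True) + "</p>"


# ---- 3. Token/nonce reuse: single-use nonces with a time-to-live ----

class NonceRegistry:
    """Hypothetical registry: issues unpredictable nonces and accepts each one
    at most once, before it expires. `clock` is injectable for testing."""

    def __init__(self, ttl_seconds=300, clock=time.time):
        self._ttl = ttl_seconds
        self._clock = clock
        self._issued = {}  # nonce -> expiry time; entry removed once consumed

    def issue(self):
        nonce = secrets.token_urlsafe(16)          # 128 bits from the OS CSPRNG
        self._issued[nonce] = self._clock() + self._ttl
        return nonce

    def consume(self, nonce):
        # pop() removes the entry, so a replayed nonce finds nothing and is
        # rejected; an unknown nonce is rejected the same way.
        expiry = self._issued.pop(nonce, None)
        if expiry is None:
            return False
        return self._clock() <= expiry             # reject once the TTL has passed


if __name__ == "__main__":
    db = seed_patients()
    print(query_outcome(lookup_concatenated, db, "Pat O'Brien"))
    print(query_outcome(lookup_parameterized, db, "Pat O'Brien"))
    print(render_note('Patient said "fine" <b>& left</b>'))
    reg = NonceRegistry(ttl_seconds=60)
    n = reg.issue()
    print(reg.consume(n), reg.consume(n))          # first use accepted, replay rejected
```

The concatenated lookup is compared on a legitimate name containing an apostrophe rather than on an attack string: the resulting SQL error is the visible symptom that user input is reaching the SQL parser, which is the same property SQL injection abuses, and binding the value as a parameter removes it. The escaping function is applied at output time, so markup stored earlier is rendered as text regardless of how it got into the database. The nonce registry is process-local; a deployment with several application instances would need the same single-use semantics on a shared store, otherwise a nonce consumed on one instance is still valid on another.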



Published

2026-06-14

How to Cite

[1]
S. D. Pratama, A. T. J. Harjanto, and B. A. Herlambang, “Identification and Mitigation of Web Application Vulnerabilities in Healthcare Systems”, JAIC, vol. 10, no. 3, pp. 2620–2628, Jun. 2026.
