Security system testing on electronic integrated antenatal care (e-iANC)
Abstract
Electronic Integrated Antenatal Care (e-iANC) was built as a web-based application to assist midwives in recording Antenatal Care (ANC) data including Patient Registration; Anamnesis; Physical Examination; Laboratory Test, Screening of Risk Pregnancy; Communication, Information and Education; Treatment and follow-up; Patient Disposition. To ensure e-iANC becomes a safe system, security system testing was needed. Our goals were to test the security system by using the Open Web Application Security Project (OWASP). It was conducted in computer laboratory at Universitas Esa Unggul Jakarta in August 2017. The OWASP detect include Injection, Broken Authentication and Session Management, Cross-Site Scripting (XSS), Insecure Direct Object References, Security Misconfiguration, Sensitive Data Exposure, Missing Level Access Control, Cross Site Request Forgery (CSRF), Using Known Vulnerable Components, Unvalidated Redirects and Forwards. The results indicated the risk level of e-iANC was the low category in the aspect of Cross-Domain JavaScript Source File Inclusion, Private IP Disclosure, XSS Protection Not Enabled Web Browser.
Keywords
Antenatal Care (ANC); EMR; e-iANC; OWASP
Full Text:
PDFDOI: http://doi.org/10.11591/ijece.v10i1.pp346-352
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
International Journal of Electrical and Computer Engineering (IJECE)
p-ISSN 2088-8708, e-ISSN 2722-2578
This journal is published by the Institute of Advanced Engineering and Science (IAES) in collaboration with Intelektual Pustaka Media Utama (IPMU).