Security Analysis of an Electronic Medical Record Application Using the Penetration Testing Method at UPTD RSD Besemah

Authors

  • Angga Putrawansyah PB Universitas Bina Darma
  • Tata Sutabri Universitas Bina Darma

DOI:

https://doi.org/10.62951/router.v2i4.268

Keywords:

application security, electronic medical records, penetration testing, vulnerability, mitigation

Abstract

The security of electronic medical record (EMR) data is essential to maintaining the confidentiality, integrity, and availability of sensitive patient information. This study conducts a security analysis of the EMR application used at UPTD RSD Besemah, Pagar Alam City, using the Penetration Testing method. The method is used to identify and exploit potential vulnerabilities in the EMR application system and to propose solutions for them. Penetration Testing is carried out in several stages, namely information collection, scanning, exploitation, and post-exploitation, using tools such as Nmap and OWASP ZAP. The results showed several vulnerabilities in the application, including SQL Injection, Cross-Site Scripting (XSS), and weaknesses in authentication management that could allow unauthorized access to patient data. Exposure of sensitive data that was not properly protected was also found. Based on these results, several recommendations were made to improve system security, such as updating security patches and implementing encryption on all sensitive data. By implementing the recommended mitigation steps, the security of the EMR system at UPTD RSD Besemah is expected to improve significantly, so that the risk of data leakage can be minimized. This research makes a practical contribution to strengthening the security of electronic medical record applications and is expected to serve as a reference for improving security systems in other health care institutions.

 

 



Published

2024-11-06

How to Cite

Angga Putrawansyah PB, & Tata Sutabri. (2024). Analisis Keamanan Aplikasi Rekam Medis Elektronik Mengunakan Metode Penetration Testing pada UPTD RSD Besemah. Router : Jurnal Teknik Informatika Dan Terapan, 2(4), 01–12. https://doi.org/10.62951/router.v2i4.268
