Ylenia Murgia, Jaime Delgado, Mauro Giacomini
Studies in health technology and informatics, vol. 332, pp. 320-324. Journal article, published 2025-10-02. DOI: 10.3233/SHTI251554 (https://doi.org/10.3233/SHTI251554)
Web Application Security in Digital Health: A Dual Analysis and a Context-Aware OWASP-Based Tool Proposal.
The adoption of digital technologies in healthcare is growing rapidly, and with it, the associated cybersecurity risks are also increasing. In particular, web applications, which can be used to manage and share sensitive health and personal information, require strong security measures to prevent data breaches and ensure compliance with regulatory standards. This paper investigates the applicability of the Open Web Application Security Project (OWASP) guidelines in the healthcare domain. Through a literature review, we identified the most common security requirements considered and used in Digital Health (DH) technologies and assessed their alignment with OWASP Application Security Verification Standard (ASVS). Furthermore, a questionnaire, involving Italian healthcare facilities and Information Technology (IT) companies operating in the healthcare sector, highlighted a significant gap between the availability of security standards and guidelines, and their actual knowledge and use in practice. Based on these findings, we propose a context-aware tool that guides developers and testers in applying OWASP standards throughout the software development lifecycle. The proposed tool aims to provide tailored security recommendations, structured checklists, and test planning based on application context, offering a practical bridge between frameworks and real-world adoption in clinical environments.