Web Application Security in Digital Health: A Dual Analysis and a Context-Aware OWASP-Based Tool Proposal.

Ylenia Murgia, Jaime Delgado, Mauro Giacomini
Studies in Health Technology and Informatics, vol. 332, pp. 320-324. Published 2025-10-02. Journal article, not open access.
DOI: 10.3233/SHTI251554 (https://doi.org/10.3233/SHTI251554)
Citations: 0

Abstract

The adoption of digital technologies in healthcare is growing rapidly, and with it, the associated cybersecurity risks are also increasing. In particular, web applications, which can be used to manage and share sensitive health and personal information, require strong security measures to prevent data breaches and ensure compliance with regulatory standards. This paper investigates the applicability of the Open Web Application Security Project (OWASP) guidelines in the healthcare domain. Through a literature review, we identified the most common security requirements considered and used in Digital Health (DH) technologies and assessed their alignment with the OWASP Application Security Verification Standard (ASVS). Furthermore, a questionnaire, involving Italian healthcare facilities and Information Technology (IT) companies operating in the healthcare sector, highlighted a significant gap between the availability of security standards and guidelines and their actual knowledge and use in practice. Based on these findings, we propose a context-aware tool that guides developers and testers in applying OWASP standards throughout the software development lifecycle. The proposed tool aims to provide tailored security recommendations, structured checklists, and test planning based on application context, offering a practical bridge between frameworks and real-world adoption in clinical environments.
