An Investigation of Health Sector Web Applications In Bangladesh: A Case Study On Cross Site Scripting

Abstract

Extensive use of technology creates a new dimension in health sector. It contributes to endless opportunity for persuading better and more healthcare practices. Technology never been useful without ensuring the exchange of data between the systems and web application is one of the suitable media to manage that information in different stages e.g. process, store and transmission. In this present world, health sector is also started ensuring its services through online for reaching their target audiences easily. To cope up with the current requirement of business in health sector, Bangladesh also started its journey to digitalize its services by using web applications. Unfortunately, the management of health sector in Bangladesh is focusing on services in the web rather than the quality of the application. Due to lack of monitoring and control in web applications development especially, in input validation area resulting compromise of sensitive data from the medical system. Therefore, much sensitive medical information would be manipulated and redirected by exploiting the vulnerabilities like Cross-site Scripting (XSS) and Session Hijacking that are the cause of inadequate input validation. In this paper we will discuss the reason of Cross-site Scripting (XSS) and Session Hijacking vulnerability and their different exploitation types. Also we have shown the impact of those vulnerabilities in medical sector.