Dies ist eine Übersichtsseite mit Metadaten zu dieser wissenschaftlichen Arbeit. Der vollständige Artikel ist beim Verlag verfügbar.
Towards the design of a secure and compliant framework for OpenEMR
2
Zitationen
3
Autoren
2017
Jahr
Abstract
The purpose of this research is to explore and identify the vulnerabilities in OpenEMR 5.0.0, which is a free and open source medical practice management application. We are to provide recommendations/suggestions to OpenEMR developers on identifying the vulnerabilities. We chose to use vulnerabilities scanning tools to manually explore the demo site of OpenEMR 5.0.0. The targeted vulnerabilities belong to the following three types, namely, SQL Injection, Cross-Site Scripting (XSS) including persistent XSS and reflected XSS and Arbitrary File Upload. We have inducted a qualitative based risk assessment to determine the risk levels for the vulnerabilities identified. The results of risk assessment include two kinds of risk levels, which are high risk and medium risk, and two kinds of priorities, which are priority 1 (high) and priority 2 (medium). In addition, we provided recommendations and best practices about how to prevent the identified vulnerabilities. Furthermore, the research also presents an exploit automation program written in Python to test and exploit the vulnerabilities including SQL Injection and reflected XSS on the demo server of OpenEMR.
Ähnliche Arbeiten
Explainable Artificial Intelligence (XAI): Concepts, taxonomies, opportunities and challenges toward responsible AI
2019 · 8.231 Zit.
Stop explaining black box machine learning models for high stakes decisions and use interpretable models instead
2019 · 8.084 Zit.
High-performance medicine: the convergence of human and artificial intelligence
2018 · 7.444 Zit.
Proceedings of the 19th International Joint Conference on Artificial Intelligence
2005 · 5.776 Zit.
Peeking Inside the Black-Box: A Survey on Explainable Artificial Intelligence (XAI)
2018 · 5.423 Zit.