Analysis of Security Vulnerabilities in OSS for Predicting Diabetes Using OWASP ZAP
摘要
The rise of diabetes is a significant global health concern, affecting millions of people worldwide. With the rise of digital health systems, medical records and diabetic patient data are increasingly being stored online, making them vulnerable to cyber-attacks due to inherent security flaws. As the use of Open-Source Software (OSS) in healthcare applications continues to grow, it is crucial to identify and analyze the security vulnerabilities in these systems to safeguard sensitive health information. This research focuses on detecting security vulnerabilities in ten OSS used for prediction of diabetes marking a novel contribution as it is the comprehensive study utilizing the Open Web Application Security Project Zed Attack Proxy (OWASP ZAP) to analyze and evaluate existing OSS in this domain, followed by a severity analysis to prioritize the most critical risks. Our findings contribute to the broader discussion on the challenges in securing AI-driven medical applications. Among the ten analyzed OSS, the Diabetes Prediction software was identified as the most vulnerable, with the most prevalent security vulnerability being the Content Security Policy (CSP) Header Not Set and Strict-Transport-Security Header Not Set with an average percentage of the highest security vulnerabilities recorded at 14.29% which is calculated using the number of instances of the vulnerability reported.