AN ASSESSMENT OF SECURITY VULNERABILITIES IN LIBREHEALTH HER

Authors

  • Abubakar Sadiq Yusuf, Federal University Dutsin-Ma

DOI:

https://doi.org/10.33003/fjs-2025-0912-3163

Keywords:

Web Application Security, Open Source Software, Penetration Testing Tools

Abstract

Vulnerability assessment is an aspect of cyber security that involves investigating a system to discover its security weaknesses and to provide measures that protect the system against exploitation of those weaknesses. In this digital age, it is essential for businesses to protect their systems against cyber attack. Open source software is free-to-use software provided and maintained by an individual or group of individuals, and some individuals and businesses rely on it to carry out their daily operations. LibreHealth EHR is an open source Electronic Health Record with a moderate level of popularity and engagement within the GitHub community. Open source applications such as LibreHealth EHR can also be susceptible to network attack, and such an event could be catastrophic to their users. This study explores an instance of LibreHealth EHR to assess its security vulnerabilities using the Zed Attack Proxy and Burp Suite security tools. These tools reported 48 issues. LibreHealth EHR was then tested against the vulnerabilities identified by the security tools to verify them; the test revealed that, of the 48 issues, 36 were false positives while the remaining 12 were true positives. Remediation action was then taken against the few true positive issues, improving the application's security performance.

ZAP tool identified vulnerabilities

Published

31-12-2025

How to Cite

Yusuf, A. S. (2025). AN ASSESSMENT OF SECURITY VULNERABILITIES IN LIBREHEALTH HER. FUDMA JOURNAL OF SCIENCES, 9(12), 79-85. https://doi.org/10.33003/fjs-2025-0912-3163
