An Investigation of Health Sector Web Applications in Bangladesh: A Case Study on Cross Site Scripting
Extensive use of technology has created a new dimension in the health sector. It opens endless opportunities for
encouraging better and more healthcare practices. Technology is never useful without ensuring the exchange of data
between systems, and the web application is one of the suitable media for managing that information at different stages, e.g.
processing, storage and transmission. Today, the health sector has also started delivering its services online to
reach its target audiences easily. To cope with the current business requirements of the health sector, Bangladesh has also
started its journey to digitalize its services by using web applications. Unfortunately, the management of the health sector in
Bangladesh is focusing on services on the web rather than the quality of the applications. A lack of monitoring and
control in web application development, especially in the area of input validation, results in the compromise of sensitive data from the
medical system. Therefore, much sensitive medical information could be manipulated and redirected by exploiting
vulnerabilities like Cross-site Scripting (XSS) and Session Hijacking that are caused by inadequate input validation. In this
paper we discuss the causes of the Cross-site Scripting (XSS) and Session Hijacking vulnerabilities and their different
exploitation types. We also show the impact of those vulnerabilities on the medical sector.
Keywords— Web application vulnerability, Cross Site Scripting, Medical Sector.