Performance Analysis of the Fuzzing Method in Detecting API Vulnerabilities in Mobile Healthcare Application X Based on OWASP API Security Top 10

Telematika
Universitas Amikom Purwokerto

📄 Abstract

Traditional perimeter security measures, such as Web Application Firewalls (WAFs) and static analysis, often fail to detect logic-based vulnerabilities in healthcare Application Programming Interfaces (APIs), creating significant risks for patient data confidentiality. Addressing the scarcity of empirical performance evaluations in this domain, this study employs a grey-box controlled experimental design to assess the effectiveness of automated HTTP fuzzing against a production-grade mobile health application ("Application X"). Using the FFUF tool configured with sequential identifier injection, status-code filtering, and hidden-field probing, the experiment tested 33 endpoints against the OWASP API Security Top 10 2023 benchmarks. To ensure data reliability, a rigorous multi-step validation protocol including replay testing and environmental noise elimination was applied to filter false positives. The results identified 88 distinct vulnerabilities distributed across six categories, with a critical dominance of Security Misconfiguration (API8) and Broken Object Property Level Authorization (API3). Analytically, the high prevalence of API3 reveals a systemic failure in backend serialization, where sensitive fields  including password hashes and internal administrative flags were exposed due to the absence of Data Transfer Objects (DTOs), contradicting the assumption of secure client-side filtering. Limitations of this study include the restriction to a single patient-role perspective and the exclusion of third-party integrations. The study concludes that automated fuzzing is superior to static analysis in detecting runtime data leakage and recommends mandatory Server-Side Output Filtering through explicit DTOs as a critical standard for secure health API development and data privacy compliance.

🔖 Keywords

#API Security; Excessive Data Exposure; Fuzzing; Healthcare Application; OWASP Top 10

ℹ️ Informasi Publikasi

Tanggal Publikasi
19 February 2026
Volume / Nomor / Tahun
Volume 19, Nomor 1, Tahun 2026

📝 HOW TO CITE

Hakim, Muhammad Ikhwanul; Nugroho, Radityo Adi; Nugrahadi, Dodon Turianto; Herteno, Rudy; Saputro, Setyo Wahyu; , "Performance Analysis of the Fuzzing Method in Detecting API Vulnerabilities in Mobile Healthcare Application X Based on OWASP API Security Top 10," Telematika, vol. 19, no. 1, Feb. 2026.

ACM
ACS
APA
ABNT
Chicago
Harvard
IEEE
MLA
Turabian
Vancouver

🔗 Artikel Terkait dari Jurnal yang Sama

A Systematic Analysis of the Impact of Non-Academic Factors on Student Academic Performance Prediction Using Data Mining

Ningsih, Gabriella Caroline Prihayu; Universitas Sebelas Maret; Liantoni, Febri; Sebelas Maret University; Sujana, Yudianto; Sebelas Maret University;

02 Apr 2026

Architecture and Field Evaluation of an IoT-Integrated Village Information System for Public Service

Hartono, Susilo; Universitas Muhammadiyah Pringsewu; Sutikno, Tole; Ahmad Dahlan University; Yudhana, Anton; Ahmad Dahlan University;

09 Mar 2026

Development of a Lightweight CNN Architecture for Multiclass Brain Tumor Detection Based on RGB Images

Fauzi, Ahmad; Pamulang University; Yunial, Agus heri; Pamulang University;

09 Mar 2026

Portfolio Risk Assessment Using VaR and CVaR: A Comparative Study of Variance–Covariance Method and Monte Carlo Simulation

Supandi, Epha Diana; Oktavia, Atika; Sunan Kalijaga State Islamic University Yogyakarta;

05 Mar 2026

Fairness Auditing and Bias Mitigation in Aspect-Based Sentiment Models for Indonesian Public Services

Jondien, Muhammad Shihab Fathurrahman; Magister of Computer Science, Amikom Purwokerto University, Indonesia; Hariguna, Taqwa; Magister of Computer Science, Amikom Purwokerto University, Indonesia; Saputra, Dhanar Intan Surya; Magister of Computer Science, Amikom Purwokerto University, Indonesia;

05 Mar 2026

USB Breakout-Controlled Modular CNC System for Affordable Smart Manufacturing Solutions

Artono, Budi; (Google Scholar ID: Hef9Vq0AAAAJ, Politeknik Negeri Madiun); Winarno, Basuki; State Polytechnic of Madiun; Kusbandono, Hendrik; State Polytechnic of Madiun; Anata, Frian Adi; Gupta, Shashi Kant;

19 Feb 2026

📊 Statistik Sitasi Jurnal