Architectural Design of a Secured Web-Based Healthcare Portal

Web-based healthcare portal refers to the health-related services that are accessed over a network connection using Hyper Text Transfer Protocol (HTTP), rather than existing within a device's memory. However, Web-based healthcare portal also may be clientbased, where a small part of the health-related services are downloaded to a user's desktop, but processing is done over the internet on an external server through which the portal is exposed to a lot of security pitfalls. Therefore, this research work intended to design defense architecture with security check point to detect the Web-request-level attacks by employing request blocker as the security check point. The findings in this research work showed that the Web-based healthcare portal controls the access over its functions by checking session variables indicating the user privilege before its restrictive functions can be executed. If the application is not at the required state, the Web-based healthcare portal will redirect the user to the login page, authorization page or an error page. However, if there exists a path leading to the restrictive function with insufficient or erroneous checking of session variables, the attacker is able to bypass the authentication/authorization.