1. Introduction
In this rapidly evolving IT world, scientific communities, local or multinational businesses, and the medical sector rely extensively on computers to store sensitive data. The dispensation of healthcare amenities is being reformed from an archaic hospital-centric model to a more virtual, dispersed service that extensively exploits the most recent technologies such as the 3D printing of tissues and implants, intelligent machines, genomics, data analytics, and robotics. This advancement has transformed the working environment of web applications via myriad innovative techniques to help them carry out their tasks quickly and efficiently. Medical workers are assigned a copious assemblage of responsibilities, and managing them is more intricate and arduous. Plenty of patients’ documentation has to be managed, including tracking inventory, the working schedules of doctors, records for keeping bills, patient reports, etc. [1]. Due to the ubiquitous use of computers, healthcare web applications (HWAs) are becoming inexorably convoluted and require high levels of security [2]. The security assessment process gives HWA practitioners the assurance that the presence of any vulnerability will not have a negative impact on their systems and that they can always use mitigation techniques. Hereby, this process maximizes the success of user satisfaction on HWA systems, but in the present scenario, security issues are constantly evolving due to the heterogeneous nature of HWAs. Digital technology is being researched and implemented in all facets of healthcare.
Figure 1 divides the numerous HWAs into several application domains; however, there are thousands of distinct applications [3].
The security estimation of HWAs focuses on the functional aspects of the application and its ability to endure a malicious attack and recover without data loss or any other abnormality. Security breaches are compromising thousands of health records. Ample statistics have shown data breach instances, and recently, innumerable incidences of the inadvertent loss or theft of sensitive clinical data have been documented [4,5] that have affected patients. Moreover, threats from botnets (a network of surreptitiously infected computer systems due to malware) have increased drastically. Cybercriminals purchase access to botnets and use the network of infected computer systems for various crimes, usually financial data thefts, the dissemination of spam, concealing other crimes, or distributed denial of service (DDoS). According to a recent study, every year, almost 25 million compelled authorizations for the disclosure of healthcare records are issued in the United States [6]. According to the Cyber Crime Website of the Department of Justice, USA [7], a company has reportedly suffered a loss of more than USD 100,000 as a result of cybercrime. As per a white paper published by Cyber Unit CCIPS, US Department of Justice, many public and private organizations are increasingly adopting vulnerability disclosure programs, which increase their ability to detect security issues, protect sensitive data, and prevent the disruption of services [8]. A built-in software security framework that includes all security attributes can be a viable and potent solution to numerous security issues [9,10]. It can prove to be a boon to the users, organizations, and governments that spend billions of dollars every year on securing their networks.
Consequently, to secure an individual’s data, three major security factors and privacy goals are commonly identified as the CIA (confidentiality, integrity, and availability) triad [11,12]. Each element of the CIA triad is necessary: confidentiality must be ensured for highly sensitive data; integrity is essential because it may be fatal to provide an inaccurate procedure based on faulty medical data; and availability is also necessary because the data must be available on time for adequate treatment. In the medical field, the security and privacy of individual data are critical, and it is a major challenge to protect healthcare data [13].
Often, experts in the IT industry have focused on the deployment phase of HWAs to improve security longevity and minimize maintenance costs and time. However, integrating security and unearthing vulnerabilities early in the design phase of web applications can reduce the time and cost of development by minimizing the development team’s work [14,15,16]. This reveals the impact of vulnerabilities that can affect healthcare web applications’ integrity, violate confidentiality and privacy norms, and exploit loopholes in the design phase. Moreover, security flaws in the design may also cause the application to violate its security and result in the unauthorized disclosure, modification, and destruction of data [17]. The vulnerability may impact exhaustive data theft, malware, and spyware injection that may cause failure in the entire HWA security. In light of this, it has become vitally important in today’s environment to ensure security from the early stages of the software development life cycle (SDLC). In accordance with a recent study, software organizations are contemplating implementing a software security risk in the early phase of development rather than depending on the later phase of the SDLC. This step could improve the situation and reduce losses to a substantial level. In addition, techniques of security optimization can further help security practitioners and researchers reduce the time and cost required for developing an HWA system. Moreover, in-depth identification, analysis, and mitigation will deliver a quality product.
Despite the increasing prevalence of HWAs in contemporary healthcare systems, there is a notable research gap in comprehending certain security issues and risk factors pertaining to these applications. Prior research has predominantly focused on generic web application security with minimal emphasis on the specific risks and vulnerabilities that are unique to HWAs. This study aims to address this research gap by:
Conducting an extensive analysis of the inherent security risks of HWAs, considering factors such as patient data confidentiality, secure data transmission, access control, and authentication.
Examining the impact of these security risks on the availability, confidentiality, and integrity of sensitive healthcare data.
Identifying and prioritizing the most significant security risk factors requiring immediate attention and effective mitigation strategies.
Providing healthcare organizations, developers, and security professionals with actionable recommendations and guidelines to improve the security of HWAs and protect patient data.
This study advances the field of HWA security by addressing these research gaps. The findings provide insights and practical implications for healthcare organizations and security practitioners, allowing them to proactively address the unique security challenges posed by HWAs and safeguard sensitive healthcare data. This research paper contributes significantly to the field of HWA security by introducing the AHP-TOPSIS (Analytic Hierarchy Process–Technique for Order of Preference by Similarity to Ideal Solution) system. Multiple HWAs are scrutinized, and their potential security risks are evaluated using the MCDM approach. The authors conducted an empirical study based on MCDM and have acknowledged numerous studies on the methods of risk management strategies. The proposed methodology is based on risk assessment in HWAs, which identifies, maps, prioritizes, and evaluates the impact of risk factors on various alternatives, as discussed below:
The identification of security risk factors and attributes: It creates a roadmap for security professionals for the development of secure healthcare web applications. The identification aim is to target key risk factors at the design phase to mitigate them at the earlier phase of the development life cycle.
Mapping security risk factors with security attributes: This may be done through an in-depth literature survey and expert points of view. It gives developers an understanding and overview, i.e., whether the security requirements are fulfilled or not.
The prioritization of security risk factors: The authors used fuzzy AHP for the prioritization of security risk factors corresponding to their respective weights and ranks.
The impact of attributes on alternatives: The fuzzy AHP-TOPSIS is used to evaluate the impact of attributes on different alternatives. The identification and prioritization of the risk factors will provide a path to develop a secure healthcare web application.
The paper is organized in the following manner: Section 2 reviews the existing literature in this domain. Section 3 discusses the software security risk factors along with their related attributes in healthcare web applications. In Section 4, the methodology and numerical analysis of the experimental data are described in depth. The paper is concluded in Section 5 with a succinct analysis and discussion.
2. Related Work
Several studies have been undertaken by researchers using multiple methodologies and symmetrical techniques to analyze the security of healthcare web applications. Along with fuzzy AHP, symmetrical TOPSIS techniques have been utilized in various domains of interest to improve security measures and handle MCDM (multi-criteria decision-making)-based problems. Considerable research on the security of healthcare web applications has previously been conducted utilizing various methodologies and techniques. The following research studies have been reviewed by the authors in this domain:
Abdulaziz et al. (2022) examined big data security by identifying and prioritizing security measures using two hybrid approaches. The approaches include fuzzy AHP and classical AHP. The fuzzy AHP approach quantitatively analyzes as well as prioritizes the different factors based on their weight to enhance overall security. The early identification of vulnerability will heighten the security and durability of big data, which will benefit consumers and enterprises. This study’s findings showed that MCDM approaches, i.e., fuzzy AHP, demonstrated more efficient results than classical AHP. It is helpful in the procedures of decision-making to alleviate the problem of uncertainty [18]. Alfakeeh et al. (2022) used AHP-TOPSIS with a hesitant fuzzy technique to forecast the risk of different healthcare applications. This approach is used to measure the security and durability that would help in designing secure healthcare applications. The authors selected 10 alternatives to evaluate the efficiency and security of applications. Among the 10, alternative 6 provided the most efficient and long-lasting security. Furthermore, the authors concluded that security breaches could be considerably mitigated if addressed early in their development phase and prioritized security as the topmost concern [19].
Lotfi et al. (2022) asserted that a strategy called Resilience and Sustainable Health Care Supply Chain (RSHCSC) with VMI, which combines fuzzy and data-driven robust optimization, is suitable for enhancing the inventory management system and addressing unpredictability and disruption. The use of hybrid fuzzy and data-driven robust optimization with a stochastic programming technique was suggested for three RSHCSC models. Essential variables such as fuzzy cut, robustness and resilience coefficient, level of confidence, and size models were subjected to sensitivity analysis. According to the results, as the fuzzy cut, robustification coefficient, confidence level, resiliency coefficient, and CVaR confidence level increase, the number of costs also increases [20]. To determine which maturity model best adheres to TQM (Total Quality Management) principles for Industry 4.0 maturity models, Özceylan and Elibal (2022) used the linguistically fuzzy TOPSIS (Technique for Order Preference by Similarity to Ideal Solution) method for ranking and the DEMATEL (Decision-Making Trial and Evaluation Laboratory) method for weighting criteria. Seven main criteria and 33 supporting factors were used to assess the maturity of four Industry 4.0 models. Researchers and practitioners can use the study’s findings to compare, create, and improve Industry 4.0 maturity models [21].
Abushark et al. (2021) defined several taxonomies and created a design hierarchy, incorporating the most prevalent quality evaluation factors, which integrate variables, characteristics, and traits from different Security Requirements Engineering (SRE) methodologies. The fuzzy AHP-TOPSIS model was utilized in this paper as an MCDM (Multiple-Criteria Decision-Making) model. The author defined the STORE technique as a highly consistent and usable approach among all other SRE techniques with a threat-driven approach. In addition, they concluded that STORE elicits security requirements in an efficient and well-organized manner [22]. Kumar et al. (2021) identified and analyzed the characteristics of security and sustainability. In this study, the fuzzy AHP algorithm was utilized for quantitative assessment, which was verified by four other approaches based on AHP. As a result, the evaluation of security in this study can assist developers in formulating standards that will ensure the development of more secure online applications [23].
Attaallah et al. (2020) discussed security as a critical aspect in the process of software development that must be considered during its development cycle. Thus, the researcher evaluates the effect of security risks using the integrated approach of TOPSIS and fuzzy AHP. This hybrid approach is ideal for evaluating malware analysis on the basis of its impact. According to the evaluation report, among the 10 institutions, the 8th institutional web application was determined as the most efficient and durable security system among all competing options [24]. Al-Zahrani (2020) reviewed healthcare applications to ensure software usability and security by using the hybrid technique. The author suggested that security experts must design a healthcare web application with two intents; it ensures usability, given to fulfill the users rather than ensuring the optimum security and efficacy of security as well as usability in the early development phase [25].
Altowaijri (2020) proposed a framework for the healthcare sector to enhance the healthcare security of cloud computing. The author introduced the concept of master nodes and slave nodes in his architecture to store the data. In this architecture, the master node keeps metadata; on the other side, the responsibility of the slave node is to store data. The sensors can access all consumers’ data and ensure its efficiency as it is in a quasi-structured form, and these data are easily accessible. This architecture stores data in encrypted form. It is based on the RSA (Rivest Shamir Adleman) and PKI (Public Key Infrastructure) algorithms, which provide accessibility to authorized users at a certain time to access the data of particular patients [26]. Abu-elezz et al. (2020) investigated healthcare blockchain technology’s scoping review with strengths and risks. This research was carried out in three phases: the identification phase, the screening phase, and the eligibility phase. These filtering stages were conducted through a flow diagram of Preferred Reporting Items for Systematic Reviews and Meta-Analysis (PRISMA). Researchers have suggested that this analysis will help to obtain a more precise understanding, owing to various constraints. The findings of this analysis must be viewed with caution, and this scoping review provides useful insights, particularly in medical care [27].
4. Methodology
Web application security is one of the chief concerns that define the application’s reliability, lifespan, and efficiency for both end-users and developers. In order to raise the caliber of a web application, security estimation is essential in the design phase that extends the security lifespan. Apart from technological progress in the development sector, numerous statistics have shown data breach instances that have affected the privacy of patients and the eminence of HMS. This section delineates the MCDM-based fuzzy methodology to evaluate security attributes and their risk factors.
The integrated approach of fuzzy AHP and fuzzy TOPSIS is well suited to scrutinizing healthcare web application security from the design tactics viewpoint, gauging HWAs’ rankings, and fixing their security risks. The current study involves various aspects for designing a security risk estimation framework, such as the identification of factors, the mapping of security risk factors with their corresponding security attributes, the assessment of risk factors, and statistical analysis. The mapping matrix is based on synchronizing the top 10 security risk factors, i.e., ACPVPM, PCF, MESD, UPC, RCT, USP, DCIC, RC, EITV, and ICMD, which are mapped with their security attributes such as CIA, Access Control, and Authentication (see Figure 2).
For evaluating the risk factors of healthcare web applications, the hierarchical structure is represented graphically. All the classifying factors and sub-factors for the data processing algorithm used to generate the research findings were identified using a literature review and a consultation with experts. The researcher of this review discovered that specialists had used fuzzy theory along with AHP to examine the imprecise real-world challenges because they are exceedingly ambiguous [46]. The precise details of these approaches are discussed in the subsequent section.
4.1. Fuzzy AHP
Fuzzy AHP is a powerful technique for addressing difficult decision problems, in which a complicated problem is evaluated through several classed levels of objectives. To reduce the difficulty of a complex problem, fuzzy AHP divides it into a tree-like structure. In addition, it is also utilized as a decision-making technique for estimating the priority of various alternatives with multiple criteria in a hierarchical structure [47]. The fuzzy AHP is based on fuzzy interval arithmetic, which uses the TFN to compute the weights of elements. Saaty was the first to propose the AHP technique [48]. To deal with imprecision in multi-criteria decision problems, it merely uses the pair-wise comparison matrix [49]. The triangular fuzzy numbers are used in this model to represent linguistic variables and to conduct fuzzy operations using AHP. To deal with the uncertainty caused by imprecision and vagueness, Zadeh developed the fuzzy set theory [50].
On the basis of experts’ viewpoints as well as responses via questionnaire or by using brainstorming, the tree structure is prepared, and after that, a triangular fuzzy number (TFN) is constructed from the hierarchy. In addition, a pair-wise comparison of every cluster of grouped objectives makes a significant contribution to determining the impact of one criterion on the other. The researcher converts the linguistic values into the TFN as well as crisp numbers, and in this study, the values of the TFN are between 0 and 1 [51]. The computational simplicity of triangular fuzzy membership functions, as well as their ability to deal with fuzzy data, is the reason for their widespread acceptance [52]. Additionally, the linguistic values are classified as equally important, fairly important, strongly important, weakly important, absolutely important, etc., and apart from these, the crisp values are grouped as {1, 2, …, 9}. Furthermore, a fuzzy number TFN
is defined by the triangular membership function
,
, and
are given as limits (i.e., lower limit, middle limit, and upper limit, respectively), as shown in
Figure 3, and the membership functions are depicted in Equations (1) and (2):
(
,
,
) is depicted as a TFN in a quantitative manner, and experts have assigned ratings to the factors affecting the values using the scale shown in
Table 2.
In the conversion of numeric values into TFNs, Equations (3)–(6) are used [
51,
52,
53], which are designated as (
,
,
) where,
is lower,
is middle and
is a higher value. In Equations (3)–(6),
indicates the relative importance of the values between two factors, which is given by security expert
z, where
j and
k signify a pair of factors being decided by security experts.
is evaluated for a specific comparison on the basis of geometric mean, which is given by experts using TFN
, where lower, middle, and upper values are as
. Additionally, TFN[
] is recognized by Equation (3).
Furthermore, with the help of Equation (7), a fuzzy pair-wise comparison matrix in the form of an
matrix is generated after obtaining the TFN values for each pair of comparisons.
where
represents the
decision maker’s preference of the
criteria over the
criteria. When there are multiple decision-makers, Equation (8) is used to calculate the average of each decision-maker’s preferences.
After that, with the help of Equation (9) and based on average preferences, pair-wise comparison matrices are updated for all the factors in the hierarchy.
The fuzzy geometrical mean and fuzzy weights of each factor are then described using the geometrical mean technique, as indicated in Equation (10). After that, with the help of Equation (11), the fuzzy weight of the factor is concluded.
Further, with the help of Equations (12) and (13), the average and normalized weight criteria may be calculated.
Furthermore, to compute the BNP value of the fuzzy weights, the Centre of Area (COA) approach is applied for every measurement with the help of Equation (14).
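The weight-derivation procedure of this subsection, as an added Python example (not code from the paper). The equations are not reproduced on this page, so the sketch assumes the forms commonly used with this method: expert judgments for a pair fused as (minimum, geometric mean, maximum), the fuzzy geometric mean of each row for the weights, and BNP = l + [(u − l) + (m − l)]/3. The attribute names follow the paper's level 1 attributes; the three experts' judgments are constructed.

```python
from math import prod

# Level 1 attributes named in the paper.
NAMES = ["confidentiality", "integrity", "availability",
         "access_control", "authentication"]

# Constructed sample: three experts' crisp 1-9 scale judgments for every
# pair above the diagonal (values below 1 mean the column attribute wins).
JUDGMENTS = {
    ("confidentiality", "integrity"): [2, 3, 2],
    ("confidentiality", "availability"): [5, 6, 5],
    ("confidentiality", "access_control"): [3, 3, 4],
    ("confidentiality", "authentication"): [4, 4, 5],
    ("integrity", "availability"): [3, 4, 3],
    ("integrity", "access_control"): [2, 2, 3],
    ("integrity", "authentication"): [3, 2, 3],
    ("availability", "access_control"): [1 / 3, 1 / 2, 1 / 3],
    ("availability", "authentication"): [1 / 2, 1 / 2, 1 / 3],
    ("access_control", "authentication"): [2, 1, 2],
}


def aggregate(judgments):
    """Fuse experts' judgments for one pair into a TFN (l, m, u).

    Assumed form: l = min, m = geometric mean, u = max.
    """
    if not judgments or any(j <= 0 for j in judgments):
        raise ValueError("judgments must be positive scale values")
    gm = prod(judgments) ** (1.0 / len(judgments))
    return (min(judgments), gm, max(judgments))


def reciprocal(tfn):
    """Reciprocal of a positive TFN; the bounds swap places."""
    l, m, u = tfn
    return (1.0 / u, 1.0 / m, 1.0 / l)


def build_matrix(names, upper):
    """Fuzzy pair-wise comparison matrix with (1, 1, 1) on the diagonal."""
    n = len(names)
    matrix = [[(1.0, 1.0, 1.0)] * n for _ in range(n)]
    for i in range(n):
        for k in range(i + 1, n):
            tfn = aggregate(upper[(names[i], names[k])])
            matrix[i][k] = tfn
            matrix[k][i] = reciprocal(tfn)
    return matrix


def fuzzy_weights(matrix):
    """Fuzzy weight of each row: r_i (x) (r_1 (+) ... (+) r_n)^-1."""
    n = len(matrix)
    # Component-wise fuzzy geometric mean of every row.
    r = [tuple(prod(cell[c] for cell in row) ** (1.0 / n) for c in range(3))
         for row in matrix]
    total = [sum(x[c] for x in r) for c in range(3)]
    # Inverting the summed TFN swaps its lower and upper bounds.
    return [(x[0] / total[2], x[1] / total[1], x[2] / total[0]) for x in r]


def bnp(tfn):
    """Centre of Area defuzzification (best non-fuzzy performance)."""
    l, m, u = tfn
    return l + ((u - l) + (m - l)) / 3.0


def crisp_weights(names, upper):
    """Normalized crisp weight per attribute, summing to 1."""
    raw = [bnp(w) for w in fuzzy_weights(build_matrix(names, upper))]
    total = sum(raw)
    return {name: value / total for name, value in zip(names, raw)}


if __name__ == "__main__":
    weights = crisp_weights(NAMES, JUDGMENTS)
    for name in sorted(weights, key=weights.get, reverse=True):
        print(f"{name:16s} {weights[name]:.4f}")
```
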
4.2. Fuzzy TOPSIS
Fuzzy TOPSIS is one of the foremost approaches for determining the ideal solution among analogous alternatives. Besides this, it can be preferred to automate the procedure and eliminate confusion and ambiguity in the selected criteria. This is a linear weighting technique that was first put forth by Chen and Hwang (1992), citing Hwang and Yoon (1981). TOPSIS contemplates the MCDM view with m choices as a geometric arrangement with m points in the n-dimensional space of factors. The method utilized in this study is based on the assumption, i.e., the maximum and minimum ideal solutions, respectively.
To induce an ideal solution, the selected alternative must have the closest distance from the Fuzzy Positive Ideal Solution (FPIS) and the farthest distance from the Fuzzy Negative Ideal Solution (FNIS) [54]. Shadbegian and Gray stated that security experts might encounter some issues with the allocation of specific performance ratings of any alternative on the basis of factors. The relevant phases of the Fuzzy AHP-TOPSIS method are presented in the flow chart below (see Figure 4).
This procedure allocates fuzzy numbers in place of specific numbers to represent the relative significance of a factor for consistency with real-world fuzzy surroundings. Furthermore, the fuzzy AHP-TOPSIS technique is well suited to solve group decision-making problems in fuzzy contexts.
Figure 4 illustrates the comprehensive procedure for achieving weights as well as the estimation of the viability of the fuzzy AHP-TOPSIS method. Firstly, the researcher determines the weights of the evaluation factors. With the help of Equations (1)–(14), the current research applies the fuzzy AHP process to derive fuzzy weight. In addition, a fuzzy decision matrix is created by researchers with the help of Table 3 and Equation (15), and relevant linguistic variables are chosen as alternatives for the criterion.
where
, and
is the performance rating of the alternative
with respect to factor
estimated by the
practitioner and
. With the help of Equation (16), the fuzzy decision matrix is normalized and represented by
. After that, with the help of Equation (17), the normalization process can be achieved.
Alternatively, we can set the best-desired level
equal to 1; otherwise, the worst is 0. The normalized
continues to be a TFN. The decision matrix
is normalized by weighted fuzzy numbers and is quantified through Equation (18).
where
, are normalized to the positive TFN, and their ranges belong to the closed interval [0, 1]. Thereafter, FPIS
(aspiration levels) and FNIS
(the worst levels) are computed for each criterion to address maximum benefit criteria while minimizing cost criteria, as shown in Equations (19) and (20).
where
and
For calculating the distance of each alternative from FPIS and FNIS, the distances
) of each alternative from
can be estimated using the area compensation technique, as elucidated in Equations (21) and (22).
In addition, researchers discovered the closeness coefficients (i.e., relative gaps–degree) and generated alternatives for the achievement of aspiration levels in each factor. To improve the alternatives, Chou et al. proposed that
is cleared to evaluate the fuzzy gaps–degree on the basis of the fuzzy closeness coefficients [
51]. The similarity to the ideal solution is determined after evaluating the
of each alternative and is depicted in Equation (23).
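The ranking steps of this subsection, as an added Python example (not code from the paper). Table 3 and Equations (15)–(23) are not reproduced on this page, so the sketch makes these assumptions: a constructed five-level linguistic scale, ratings averaged across practitioners, benefit criteria normalized by the column maximum, FPIS taken as (1, 1, 1) scaled by the criterion weight and FNIS as (0, 0, 0), and the vertex distance used in place of the area compensation technique named above. The alternatives, ratings and weights are constructed.

```python
from math import sqrt

# Constructed linguistic scale -> TFN (l, m, u); stands in for Table 3.
SCALE = {
    "VL": (0.0, 1.0, 3.0),
    "L": (1.0, 3.0, 5.0),
    "M": (3.0, 5.0, 7.0),
    "H": (5.0, 7.0, 9.0),
    "VH": (7.0, 9.0, 10.0),
}

# Constructed crisp criterion weights (e.g. BNP output of fuzzy AHP).
WEIGHTS = [0.5, 0.3, 0.2]

# Constructed ratings: per alternative, per criterion, one label from
# each of two practitioners. All criteria are benefit criteria.
RATINGS = {
    "app_a": [["VH", "H"], ["H", "H"], ["M", "H"]],
    "app_b": [["M", "M"], ["H", "M"], ["VH", "VH"]],
    "app_c": [["L", "VL"], ["L", "M"], ["M", "L"]],
}


def aggregate_ratings(labels):
    """Average the practitioners' linguistic ratings into one TFN."""
    tfns = [SCALE[label] for label in labels]
    return tuple(sum(t[c] for t in tfns) / len(tfns) for c in range(3))


def weighted_normalized(ratings, weights):
    """Normalize by the column's largest upper bound, then apply weights."""
    decision = {alt: [aggregate_ratings(cell) for cell in row]
                for alt, row in ratings.items()}
    col_max = [max(row[j][2] for row in decision.values())
               for j in range(len(weights))]
    return {alt: [tuple(x / col_max[j] * weights[j] for x in row[j])
                  for j in range(len(weights))]
            for alt, row in decision.items()}


def vertex_distance(a, b):
    """Distance between two TFNs (vertex method)."""
    return sqrt(sum((x - y) ** 2 for x, y in zip(a, b)) / 3.0)


def closeness(ratings, weights):
    """Closeness coefficient d- / (d+ + d-) for every alternative."""
    result = {}
    for alt, row in weighted_normalized(ratings, weights).items():
        # FPIS per criterion is (1, 1, 1) scaled by its weight.
        d_pos = sum(vertex_distance(v, (w, w, w))
                    for v, w in zip(row, weights))
        # FNIS per criterion is (0, 0, 0).
        d_neg = sum(vertex_distance(v, (0.0, 0.0, 0.0)) for v in row)
        result[alt] = d_neg / (d_pos + d_neg)
    return result


def rank(ratings, weights):
    """Alternatives ordered from best to worst closeness coefficient."""
    cc = closeness(ratings, weights)
    return sorted(cc, key=cc.get, reverse=True)


if __name__ == "__main__":
    scores = closeness(RATINGS, WEIGHTS)
    for alt in rank(RATINGS, WEIGHTS):
        print(f"{alt}: {scores[alt]:.4f}")
```
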
4.3. Empirical Data Analysis and Results
Generally, qualitative assessment seems to be suitable for the assessment of long-term security. It is quite difficult to perform a qualitative assessment of healthcare web application security. Security strategy is prepared on the basis of results drawn from global collaborative activities. In recent years, security professionals have amassed a large number of security policies [52]. Several firms are currently adopting high-end security healthcare web applications. The impact of security attributes on healthcare web applications plays a crucial role in ensuring security [55,56,57,58,59,60]. This study identifies various security attributes and risk factors. For the purpose of assessment, the identified security attributes and risk factors are linked together to establish a relationship among them. For assessment, T11, T12, and T13 are represented as the attributes of confidentiality at level 2 with respect to security. T21, T22, T23, T24, T25, T26, T27, and T28 are represented as the attributes of integrity at level 2 with respect to security. T31 is represented as the attribute of availability at level 2 with respect to security. T41, T42, T43, and T44 are represented as the attributes of access control at level 2 with respect to security. T51 and T52 are represented as the attributes of authentication at level 2 with respect to security. This study uses the opinions of 70 professionals from academia and industry in order to compile the data. The estimation of security via fuzzy AHP-TOPSIS has been assessed by using Equations (1)–(23) as follows:
The researcher converted the linguistic values into numeric values as well as aggregated TFN values by using Table 2 and Equations (1)–(6). Additionally, Equation (7) was used to create the pair-wise comparison matrices for level 1 attributes, as shown in Table 4. Similarly, Table 5, Table 6, Table 7 and Table 8 show the fuzzy pair-wise comparison matrices through the hierarchy at level 2.
The researcher calculated the fuzzy weights of factors with the help of Equations (8)–(10), and the weight of each element is calculated using Equations (11)–(13). Additionally, the BNP values (i.e., best non-fuzzy performance) of each attribute are calculated via Equation (14). Thereafter, the weights for the continuing attributes may be determined and shown in Table 9, Table 10, Table 11, Table 12 and Table 13, which depict the local and dependent weight of attributes according to Figure 4. Table 14 shows the global weight of every attribute of security.
Now, the researcher must figure out the impact of risk factors on altering preferences with respect to criteria. Ten successive healthcare web applications (i.e., HWA1, HWA2, HWA3, HWA4, HWA5, HWA6, HWA7, HWA8, HWA9, and HWA10) from the local hospitals of Uttar Pradesh, India, were taken to estimate the security risk. The researcher gathered input on the technological data with the help of Table 3 for all 10 alternatives, as depicted in Table 15. The researcher assessed the normalized fuzzy decision matrix, as shown in Table 16, by using Equations (15)–(18), and evaluated the weighted normalized fuzzy decision matrix, as shown in Table 17. Additionally, the researcher assessed the satisfaction degree and gap degree by using Equations (22) and (23), as depicted in Table 18.
Finally, the obtained global weight of factors from fuzzy AHP is considered as input data for the fuzzy TOPSIS approach, which produces a rank for alternatives. Now, the performance may be tested by using fuzzy AHP-TOPSIS. The determined performance of ten healthcare web application alternatives is as follows: HWA1, HWA7, HWA10, HWA4, HWA2, HWA3, HWA5, HWA9, HWA8, and HWA6. According to the findings of this study, HWA1 produced the finest result (see Table 18 and Figure 5).
4.4. Sensitivity Analysis
Sensitivity analysis is a threat to the validity procedure that allows security practitioners to validate their results through numerical calculations. Additionally, the threat to validity confers the idea to security experts on how various sources of outcomes may affect the proposed model. This section provides a clear perception of the effectiveness as well as the certainty of the results by altering the crucial criteria. To test the sensitivity analysis, the researcher has chosen 10 alternatives in order to implement a threat to validity. The detail of the analyzed results of the sensitivity analysis is shown in Table 19. Furthermore, a graphical representation of the sensitivity analysis is depicted in Figure 6 for easy and detailed information.
The first row of Table 19 shows the original weights of this study. The calculated results are acceptable, and it is clear from the table that the deviation across all the security risk factors is negligible. The results of sensitivity analysis are dependent on the weight of the security risk factors.
4.5. Comparison of the Results
MCDM approaches are used in a number of research initiatives to assess various factors and their impact on various fields. A comparison of results from different approaches may provide a considerable as well as clear perspective on computed results. In addition, comparing the outcomes of the same data through different approaches is a crucial part of scientific calculation. For comparing the results of fuzzy AHP-TOPSIS, the researcher used various techniques, including classical ANP-TOPSIS, classical AHP-TOPSIS, and the Simple Average Method.
This type of comparison illustrates the capabilities and accuracy of the chosen approach. In comparison to the preceding techniques, the results of the fuzzy AHP-TOPSIS can confer a more precise and preferable result, as shown in Table 20 and Figure 7.
5. Discussion and Conclusions
The design phase is the backbone of any application irrespective of its nature and area of use. Software development organizations have shown enormous growth that urges highly secured web applications. Recent trends demonstrate that the healthcare industry has turned to deploying web applications rather than conventional forms. This dependency on technology raises security concerns as securing patients’ sensitive data and hospital data becomes a critical priority. IT Industries and researchers are currently paying more attention to security. Developers should strive to develop an end-to-end framework for assessing the security risks associated with healthcare web applications to detect, evaluate, and reduce security risks as a solution to these issues. This paper proposed an integrated approach of fuzzy AHP and fuzzy TOPSIS to evaluate the security risk factors. The aim of this study was to determine the priorities based on the ranking and weighting of security attributes using the MCDM process, which demonstrates the use of an analytical hierarchical approach, through which the application becomes more secure and trustworthy. The fuzzy AHP approach can be used to prioritize the security attributes in terms of well-profiling because no attempts have been made to quantitatively prioritize and rank the security attributes that may affect the functionality of HWA security and their trade-offs. For the estimation of security risk, this combined fuzzy AHP-TOPSIS approach was applied. This proposed model was examined for ten successive healthcare web applications from the local hospitals of Uttar Pradesh, India, to determine the impact of risk factors on altering preferences with respect to criteria.
The weight and priority of risk factors are quantified by fuzzy AHP, whereas the impact of attributes on different alternatives is determined with the help of fuzzy AHP-TOPSIS. The fuzzy TOPSIS approach uses the global weight of components produced from fuzzy AHP as input to generate a rank for alternatives. The performance has now been evaluated with fuzzy AHP-TOPSIS, and with a performance score of 0.6322, HWA1 was deemed to be the best among the 10 alternatives. It provides the finest security system in terms of security methods. The determined performance of the other healthcare web application’s alternatives is, in order, HWA7, HWA10, HWA4, HWA2, HWA3, HWA5, HWA9, HWA8, and HWA6, with performance scores of 0.6138, 0.6130, 0.5748, 0.5224, 0.4851, 0.4679, 0.4667, 0.4638, and 0.3597. The findings of this study corroborate that mitigating risk in the design phase assists the developer in building a more secure web application. As security breaches are becoming more frequent, it is imperative to create security standards that also emphasize security benchmarks. Consequently, prioritizing security attributes would undoubtedly aid web application developers in enhancing security. In addition, the researcher advised that the proposed framework may be used to set the benchmark for any organization. This may also form the basis for the development of new, modified, or refined approaches that may encourage other researchers to undertake the development of other new methods in this area.