Security audit of a pharmacy information system using blackbox testing and CIA triad: A case study
DOI: https://doi.org/10.59190/stc.v6i3.370
Keywords: Blackbox Testing, CIA Triad, Pharmacy Application, Security Audit
Abstract
Pharmacy information systems are essential for managing drug inventory, sales, financial reports, and user administration, yet they are exposed to security risks like data manipulation, account misuse, and information leakage. This study integrates Blackbox Testing and the CIA Triad (Confidentiality, Integrity, Availability) to audit a pharmacy application. Testing employed 19 security scenarios, supported by tools such as SQLmap, Burp Suite, OWASP ZAP, and Apache JMeter to detect vulnerabilities without accessing source code. Results show that the system meets availability requirements and provides audit logging for user activity monitoring. However, confidentiality and integrity weaknesses were identified: input validation allowed illogical data like negative stock, potential SQL Injection existed on the login page, and password encryption was insufficient. Strengthening input sanitization, adopting strong encryption, and enhancing authentication are necessary to close security gaps and improve system reliability.
License
Copyright (c) 2026 Rahmalia Syahputri, M Rivaldi Arwin Hadi Wijaya

This work is licensed under a Creative Commons Attribution 4.0 International License.









