Search Results (25)
  • Open Access

    ARTICLE

    Secure Development Methodology for Full Stack Web Applications: Proof of the Methodology Applied to Vue.js, Spring Boot and MySQL

    Kevin Santiago Rey Rodriguez, Julián David Avellaneda Galindo, Josep Tárrega Juan, Juan Ramón Bermejo Higuera*, Javier Bermejo Higuera, Juan Antonio Sicilia Montalvo

    CMC-Computers, Materials & Continua, Vol.85, No.1, pp. 1807-1858, 2025, DOI:10.32604/cmc.2025.067127 - 29 August 2025

    Abstract In today’s rapidly evolving digital landscape, web application security has become paramount as organizations face increasingly sophisticated cyber threats. This work presents a comprehensive methodology for implementing robust security measures in modern web applications and the proof of the Methodology applied to Vue.js, Spring Boot, and MySQL architecture. The proposed approach addresses critical security challenges through a multi-layered framework that encompasses essential security dimensions including multi-factor authentication, fine-grained authorization controls, sophisticated session management, data confidentiality and integrity protection, secure logging mechanisms, comprehensive error handling, high availability strategies, advanced input validation, and security headers implementation. Significant… More >

  • Open Access

    ARTICLE

    Utilizing Fine-Tuning of Large Language Models for Generating Synthetic Payloads: Enhancing Web Application Cybersecurity through Innovative Penetration Testing Techniques

    Stefan Ćirković1, Vladimir Mladenović1, Siniša Tomić2, Dalibor Drljača2, Olga Ristić1,*

    CMC-Computers, Materials & Continua, Vol.82, No.3, pp. 4409-4430, 2025, DOI:10.32604/cmc.2025.059696 - 06 March 2025

    Abstract With the increasing use of web applications, challenges in the field of cybersecurity are becoming more complex. This paper explores the application of fine-tuned large language models (LLMs) for the automatic generation of synthetic attacks, including XSS (Cross-Site Scripting), SQL Injections, and Command Injections. A web application has been developed that allows penetration testers to quickly generate high-quality payloads without the need for in-depth knowledge of artificial intelligence. The fine-tuned language model demonstrates the capability to produce synthetic payloads that closely resemble real-world attacks. This approach not only improves the model’s precision and dependability but… More >

  • Open Access

    REVIEW

    Review of Techniques for Integrating Security in Software Development Lifecycle

    Hassan Saeed1, Imran Shafi1, Jamil Ahmad2, Adnan Ahmed Khan3, Tahir Khurshaid4,*, Imran Ashraf5,*

    CMC-Computers, Materials & Continua, Vol.82, No.1, pp. 139-172, 2025, DOI:10.32604/cmc.2024.057587 - 03 January 2025

    Abstract Software-related security aspects are a growing and legitimate concern, especially with 5G data available just at our palms. To conduct research in this field, periodic comparative analysis is needed with the new techniques coming up rapidly. The purpose of this study is to review the recent developments in the field of security integration in the software development lifecycle (SDLC) by analyzing the articles published in the last two decades and to propose a way forward. This review follows Kitchenham’s review protocol. The review has been divided into three main stages including planning, execution, and analysis.… More >

  • Open Access

    ARTICLE

    A Secure Authentication Indexed Choice-Based Graphical Password Scheme for Web Applications and ATMs

    Sameh Zarif1,2,*, Hadier Moawad2, Khalid Amin2, Abdullah Alharbi3, Wail S. Elkilani4, Shouze Tang5, Marian Wagdy6

    Computer Systems Science and Engineering, Vol.49, pp. 79-98, 2025, DOI:10.32604/csse.2024.057439 - 03 January 2025

    Abstract Authentication is the most crucial aspect of security and a predominant measure employed in cybersecurity. Cloud computing provides a shared electronic device resource for users via the internet, and the authentication techniques used must protect data from attacks. Previous approaches failed to resolve the challenge of making passwords secure, memorable, usable, and time-saving. Graphical Password (GP) is still not widely utilized in reality because consumers suffer from multiple login stages. This paper proposes an Indexed Choice-Based Graphical Password (ICGP) scheme for improving the authentication part. ICGP consists of two stages: registration and authentication. At the… More >

  • Open Access

    ARTICLE

    A Web Application Fingerprint Recognition Method Based on Machine Learning

    Yanmei Shi1, Wei Yu2,*, Yanxia Zhao3,*, Yungang Jia4

    CMES-Computer Modeling in Engineering & Sciences, Vol.140, No.1, pp. 887-906, 2024, DOI:10.32604/cmes.2024.046140 - 16 April 2024

    Abstract Web application fingerprint recognition is an effective security technology designed to identify and classify web applications, thereby enhancing the detection of potential threats and attacks. Traditional fingerprint recognition methods, which rely on preannotated feature matching, face inherent limitations due to the ever-evolving nature and diverse landscape of web applications. In response to these challenges, this work proposes an innovative web application fingerprint recognition method founded on clustering techniques. The method involves extensive data collection from the Tranco List, employing adjusted feature selection built upon Wappalyzer and noise reduction through truncated SVD dimensionality reduction. The core… More >

  • Open Access

    ARTICLE

    Portable and Efficient Implementation of CRYSTALS-Kyber Based on WebAssembly

    Seog Chung Seo1, HeeSeok Kim2,*

    Computer Systems Science and Engineering, Vol.46, No.2, pp. 2091-2107, 2023, DOI:10.32604/csse.2023.035064 - 09 February 2023

    Abstract With the rapid development of quantum computers capable of realizing Shor’s algorithm, existing public key-based algorithms face a significant security risk. Crystals-Kyber has been selected as the only key encapsulation mechanism (KEM) algorithm in the National Institute of Standards and Technology (NIST) Post-Quantum Cryptography (PQC) competition. In this study, we present a portable and efficient implementation of a Crystals-Kyber post-quantum KEM based on WebAssembly (Wasm), a recently released portable execution framework for high-performance web applications. Until now, most Kyber implementations have been developed with native programming languages such as C and Assembly. Although there are… More >

  • Open Access

    ARTICLE

    JShellDetector: A Java Fileless Webshell Detector Based on Program Analysis

    Xuyan Song, Yiting Qin, Xinyao Liu, Baojiang Cui*, Junsong Fu

    CMC-Computers, Materials & Continua, Vol.75, No.1, pp. 2061-2078, 2023, DOI:10.32604/cmc.2023.034505 - 06 February 2023

    Abstract Fileless webshell attacks against Java web applications have become more frequent in recent years as Java has gained market share. Webshell is a malicious script that can remotely execute commands and invade servers. It is widely used in attacks against web applications. In contrast to traditional file-based webshells, fileless webshells leave no traces on the hard drive, which means they are invisible to most antivirus software. To make matters worse, although there are some studies on fileless webshells, almost all of them are aimed at web applications developed in the PHP language. The complex mechanism… More >

  • Open Access

    ARTICLE

    Systematic Approach for Web Protection Runtime Tools’ Effectiveness Analysis

    Tomás Sureda Riera1,*, Juan Ramón Bermejo Higuera2, Javier Bermejo Higuera2, Juan Antonio Sicilia Montalvo2, José Javier Martínez Herráiz1

    CMES-Computer Modeling in Engineering & Sciences, Vol.133, No.3, pp. 579-599, 2022, DOI:10.32604/cmes.2022.020976 - 03 August 2022

    Abstract Web applications represent one of the principal vehicles by which attackers gain access to an organization’s network or resources. Thus, different approaches to protect web applications have been proposed to date. Of them, the two major approaches are Web Application Firewalls (WAF) and Runtime Application Self Protection (RASP). It is, thus, essential to understand the differences and relative effectiveness of both these approaches for effective decision-making regarding the security of web applications. Here we present a comparative study between WAF and RASP simulated settings, with the aim to compare their effectiveness and efficiency against different categories More >

  • Open Access

    ARTICLE

    Achieving State Space Reduction in Generated Ajax Web Application State Machine

    Nadeem Fakhar Malik1,*, Aamer Nadeem1, Muddassar Azam Sindhu2

    Intelligent Automation & Soft Computing, Vol.33, No.1, pp. 429-455, 2022, DOI:10.32604/iasc.2022.023423 - 05 January 2022

    Abstract The testing of Ajax (Asynchronous JavaScript and XML) web applications poses novel challenges for testers because Ajax constructs dynamic web applications by using Asynchronous communication and run time Document Object Model (DOM) manipulation. Ajax involves extreme dynamism, which induces novel kind of issues like state explosion, triggering state changes and unreachable states etc. that require more demanding web-testing methods. Model based testing is amongst the effective approaches to detect faults in web applications. However, the state model generated for an Ajax application can be enormous and may be hit by state explosion problem for large… More >

  • Open Access

    ARTICLE

    Evaluating the Impacts of Security-Durability Characteristic: Data Science Perspective

    Abdullah Alharbi1, Masood Ahmad2, Wael Alosaimi1, Hashem Alyami3, Alka Agrawal2, Rajeev Kumar4,*, Abdul Wahid5, Raees Ahmad Khan2

    Computer Systems Science and Engineering, Vol.41, No.2, pp. 557-567, 2022, DOI:10.32604/csse.2022.020843 - 25 October 2021

    Abstract Security has always been a vital research topic since the birth of web application. A great deal of research has been conducted to determine the ways of identifying and classifying security issues or goals. However, in the recent years, it has been noticed that high secure web applications have less durability; thus reducing their business continuity. High security features of a web application are worthless unless they provide effective services to the user and meet the standards of commercial viability. Hence, there is a need to bridge the gap between security and durability of the… More >

Displaying 1-10 on page 1 of 25.