Fahad A. Alzahrani^*

CMC-Computers, Materials & Continua, Vol.66, No.3, pp. 2599-2625, 2021, DOI:10.32604/cmc.2021.013124 - 28 December 2020

Abstract Usability and security are often considered contradictory in nature. One has a negative impact on the other. In order to satisfy the needs of users with the security perspective, the relationship and trade-offs among security and usability must be distinguished. Security practitioners are working on developing new approaches that would help to secure healthcare web applications as well increase usability of the web applications. In the same league, the present research endeavour is premised on the usable-security of healthcare web applications. For a compatible blend of usability and security that would fulfill the users’ requirments,… More >

Roddy A. Correa¹, Juan Ramón Bermejo Higuera², Javier Bermejo Higuera², Juan Antonio Sicilia Montalvo², Manuel Sánchez Rubio², Á. Alberto Magreñán^3,*

CMES-Computer Modeling in Engineering & Sciences, Vol.126, No.1, pp. 89-124, 2021, DOI:10.32604/cmes.2021.010700 - 22 December 2020

Abstract This study presents a methodology to evaluate and prevent security vulnerabilities issues for web applications. The analysis process is based on the use of techniques and tools that allow to perform security assessments of white box and black box, to carry out the security validation of a web application in an agile and precise way. The objective of the methodology is to take advantage of the synergies of semi-automatic static and dynamic security analysis tools and manual checks. Each one of the phases contemplated in the methodology is supported by security analysis tools of different… More >

Abdulaziz Attaallah¹, Abdullah Algarni¹, Raees Ahmad Khan^2,*

CMC-Computers, Materials & Continua, Vol.66, No.2, pp. 1849-1865, 2021, DOI:10.32604/cmc.2020.013854 - 26 November 2020

Abstract The advanced technological need, exacerbated by the flexible time constraints, leads to several more design level unexplored vulnerabilities. Security is an extremely vital component in software development; we must take charge of security and therefore analysis of software security risk assumes utmost significance. In order to handle the cyber-security risk of the web application and protect individuals, information and properties effectively, one must consider what needs to be secured, what are the perceived threats and the protection of assets. Security preparation plans, implements, tracks, updates and consistently develops safety risk management activities. Risk management must… More >

Abid Nisar¹, Waheed Iqbal^1,*, Fawaz Bokhari¹, Faisal Bukhari¹, Khaled Almustafa²

Intelligent Automation & Soft Computing, Vol.26, No.2, pp. 353-365, 2020, DOI:10.31209/2019.100000159

Abstract The adaptive resource provisioning of cloud-hosted applications is enabled to provide a better quality of services to the users of applications. Most of the cloud-hosted applications follow the multi-tier architecture model. However, it is challenging to adaptively provision the resources of multi-tier applications. In this paper, we propose an auto-scaling method to dynamically scale resources for multi-tier web applications. The proposed method exploits the horizontal scaling at the web server tier and vertical scaling at the database tier dynamically to maintain response time guarantees. We evaluated our proposed method on Amazon Web Services using a More >

Juan R. Bermejo Higuera^{1, *}, Javier Bermejo Higuera¹, Juan A. Sicilia Montalvo¹, Javier Cubo Villalba¹, Juan José Nombela Pérez¹

CMC-Computers, Materials & Continua, Vol.64, No.3, pp. 1555-1577, 2020, DOI:10.32604/cmc.2020.010885 - 30 June 2020

Abstract To detect security vulnerabilities in a web application, the security analyst must choose the best performance Security Analysis Static Tool (SAST) in terms of discovering the greatest number of security vulnerabilities as possible. To compare static analysis tools for web applications, an adapted benchmark to the vulnerability categories included in the known standard Open Web Application Security Project (OWASP) Top Ten project is required. The information of the security effectiveness of a commercial static analysis tool is not usually a publicly accessible research and the state of the art on static security tool analyzers shows… More >