Search Results (8)
  • Open Access

    ARTICLE

    Combinatorial Method with Static Analysis for Source Code Security in Web Applications

    Juan Ramón Bermejo Higuera1, Javier Bermejo Higuera1, Juan Antonio Sicilia Montalvo1, Tomás Sureda Riera2, Christopher I. Argyros3, Á. Alberto Magreñán4,*

    CMES-Computer Modeling in Engineering & Sciences, Vol.129, No.2, pp. 541-565, 2021, DOI:10.32604/cmes.2021.017213

    Abstract Security weaknesses in web applications deployed in cloud architectures can seriously affect its data confidentiality and integrity. The construction of the procedure utilized in the static analysis tools of source code security differs and therefore each tool finds a different number of each weakness type for which it is designed. To utilize the possible synergies different static analysis tools may process, this work uses a new method to combine several source codes aiming to investigate how to increase the performance of security weakness detection while reducing the number of false positives. Specifically, five static analysis tools will be combined with…

  • Open Access

    ARTICLE

    Hesitant Fuzzy-Sets Based Decision-Making Model for Security Risk Assessment

    Ahmed S. Alfakeeh1, Abdulmohsen Almalawi2, Fawaz Jaber Alsolami2, Yoosef B. Abushark2, Asif Irshad Khan2,*, Adel Aboud S. Bahaddad1, Alka Agrawal3, Rajeev Kumar4, Raees Ahmad Khan3

    CMC-Computers, Materials & Continua, Vol.70, No.2, pp. 2297-2317, 2022, DOI:10.32604/cmc.2022.020146

    Abstract Security is an important component in the process of developing healthcare web applications. We need to ensure security maintenance; therefore the analysis of healthcare web application's security risk is of utmost importance. Properties must be considered to minimise the security risk. Additionally, security risk management activities are revised, prepared, implemented, tracked, and regularly set up efficiently to design the security of healthcare web applications. Managing the security risk of a healthcare web application must be considered as the key component. Security is, in specific, seen as an add-on during the development process of healthcare web applications, but not as the…

  • Open Access

    ARTICLE

    Estimating Security Risk of Healthcare Web Applications: A Design Perspective

    Fahad A. Alzahrani*

    CMC-Computers, Materials & Continua, Vol.67, No.1, pp. 187-209, 2021, DOI:10.32604/cmc.2021.014007

    Abstract In the recent years, the booming web-based applications have attracted the hackers’ community. The security risk of the web-based hospital management system (WBHMS) has been increasing rapidly. In the given context, the main goal of all security professionals and website developers is to maintain security divisions and improve on the user’s confidence and satisfaction. At this point, the different WBHMS tackle different types of security risks. In WBHMS, the security of the patients’ medical information is of utmost importance. All in all, there is an inherent security risk of data and assets in the field of the medical industry as…

  • Open Access

    ARTICLE

    Fuzzy Based Decision-Making Approach for Estimating Usable-Security of Healthcare Web Applications

    Fahad A. Alzahrani*

    CMC-Computers, Materials & Continua, Vol.66, No.3, pp. 2599-2625, 2021, DOI:10.32604/cmc.2021.013124

    Abstract Usability and security are often considered contradictory in nature. One has a negative impact on the other. In order to satisfy the needs of users with the security perspective, the relationship and trade-offs among security and usability must be distinguished. Security practitioners are working on developing new approaches that would help to secure healthcare web applications as well as increase usability of the web applications. In the same league, the present research endeavour is premised on the usable-security of healthcare web applications. For a compatible blend of usability and security that would fulfill the users’ requirements, this research proposes an integration…

  • Open Access

    ARTICLE

    Hybrid Security Assessment Methodology for Web Applications

    Roddy A. Correa1, Juan Ramón Bermejo Higuera2, Javier Bermejo Higuera2, Juan Antonio Sicilia Montalvo2, Manuel Sánchez Rubio2, Á. Alberto Magreñán3,*

    CMES-Computer Modeling in Engineering & Sciences, Vol.126, No.1, pp. 89-124, 2021, DOI:10.32604/cmes.2021.010700

    Abstract This study presents a methodology to evaluate and prevent security vulnerabilities issues for web applications. The analysis process is based on the use of techniques and tools that allow to perform security assessments of white box and black box, to carry out the security validation of a web application in an agile and precise way. The objective of the methodology is to take advantage of the synergies of semi-automatic static and dynamic security analysis tools and manual checks. Each one of the phases contemplated in the methodology is supported by security analysis tools of different degrees of coverage, so that…

  • Open Access

    ARTICLE

    Managing Security-Risks for Improving Security-Durability of Institutional Web-Applications: Design Perspective

    Abdulaziz Attaallah1, Abdullah Algarni1, Raees Ahmad Khan2,*

    CMC-Computers, Materials & Continua, Vol.66, No.2, pp. 1849-1865, 2021, DOI:10.32604/cmc.2020.013854

    Abstract The advanced technological need, exacerbated by the flexible time constraints, leads to several more design level unexplored vulnerabilities. Security is an extremely vital component in software development; we must take charge of security and therefore analysis of software security risk assumes utmost significance. In order to handle the cyber-security risk of the web application and protect individuals, information and properties effectively, one must consider what needs to be secured, what are the perceived threats and the protection of assets. Security preparation plans, implements, tracks, updates and consistently develops safety risk management activities. Risk management must be interpreted as the major…

  • Open Access

    ARTICLE

    Dynamic Horizontal and Vertical Scaling for Multi-tier Web Applications

    Abid Nisar1, Waheed Iqbal1,*, Fawaz Bokhari1, Faisal Bukhari1, Khaled Almustafa2

    Intelligent Automation & Soft Computing, Vol.26, No.2, pp. 353-365, 2020, DOI:10.31209/2019.100000159

    Abstract The adaptive resource provisioning of cloud-hosted applications is enabled to provide a better quality of services to the users of applications. Most of the cloud-hosted applications follow the multi-tier architecture model. However, it is challenging to adaptively provision the resources of multi-tier applications. In this paper, we propose an auto-scaling method to dynamically scale resources for multi-tier web applications. The proposed method exploits the horizontal scaling at the web server tier and vertical scaling at the database tier dynamically to maintain response time guarantees. We evaluated our proposed method on Amazon Web Services using a real web application. The extensive…

  • Open Access

    ARTICLE

    Benchmarking Approach to Compare Web Applications Static Analysis Tools Detecting OWASP Top Ten Security Vulnerabilities

    Juan R. Bermejo Higuera1, *, Javier Bermejo Higuera1, Juan A. Sicilia Montalvo1, Javier Cubo Villalba1, Juan José Nombela Pérez1

    CMC-Computers, Materials & Continua, Vol.64, No.3, pp. 1555-1577, 2020, DOI:10.32604/cmc.2020.010885

    Abstract To detect security vulnerabilities in a web application, the security analyst must choose the best performance Security Analysis Static Tool (SAST) in terms of discovering the greatest number of security vulnerabilities as possible. To compare static analysis tools for web applications, an adapted benchmark to the vulnerability categories included in the known standard Open Web Application Security Project (OWASP) Top Ten project is required. The information of the security effectiveness of a commercial static analysis tool is not usually a publicly accessible research and the state of the art on static security tool analyzers shows that the different design and…
