Abdulgbar A. R. Farea¹, Gehad Abdullah Amran^2,*, Ebraheem Farea³, Amerah Alabrah^4,*, Ahmed A. Abdulraheem⁵, Muhammad Mursil⁶, Mohammed A. A. Al-qaness⁷

CMC-Computers, Materials & Continua, Vol.76, No.3, pp. 3605-3622, 2023, DOI:10.32604/cmc.2023.040121

Abstract E-commerce, online ticketing, online banking, and other web-based applications that handle sensitive data, such as passwords, payment information, and financial information, are widely used. Various web developers may have varying levels of understanding when it comes to securing an online application. Structured Query language SQL injection and cross-site scripting are the two vulnerabilities defined by the Open Web Application Security Project (OWASP) for its 2017 Top Ten List Cross Site Scripting (XSS). An attacker can exploit these two flaws and launch malicious web-based actions as a result of these flaws. Many published articles focused on these attacks’ binary classification. This… More >

Xuyan Song, Yiting Qin, Xinyao Liu, Baojiang Cui^*, Junsong Fu

CMC-Computers, Materials & Continua, Vol.75, No.1, pp. 2061-2078, 2023, DOI:10.32604/cmc.2023.034505

Abstract Fileless webshell attacks against Java web applications have become more frequent in recent years as Java has gained market share. Webshell is a malicious script that can remotely execute commands and invade servers. It is widely used in attacks against web applications. In contrast to traditional file-based webshells, fileless webshells leave no traces on the hard drive, which means they are invisible to most antivirus software. To make matters worse, although there are some studies on fileless webshells, almost all of them are aimed at web applications developed in the PHP language. The complex mechanism of Java makes researchers face… More >

Mengmeng Ge¹, Xiangzhan Yu^1,*, Lin Ye^1,2, Jiantao Shi¹

CMC-Computers, Materials & Continua, Vol.71, No.2, pp. 3393-3405, 2022, DOI:10.32604/cmc.2022.017220

Abstract With the rapid development of the Internet, the types of webpages are more abundant than in previous decades. However, it becomes severe that people are facing more and more significant network security risks and enormous losses caused by phishing webpages, which imitate the interface of real webpages and deceive the victims. To better identify and distinguish phishing webpages, a visual feature extraction method and a visual similarity algorithm are proposed. First, the visual feature extraction method improves the Vision-based Page Segmentation (VIPS) algorithm to extract the visual block and calculate its signature by perceptual hash technology. Second, the visual similarity… More >

Abdulwahed Awad Almutairi¹, Shailendra Mishra^2,*, Mohammed AlShehri¹

Computer Systems Science and Engineering, Vol.40, No.3, pp. 1233-1248, 2022, DOI:10.32604/csse.2022.019427

Abstract Web applications have become a widely accepted method to support the internet for the past decade. Since they have been successfully installed in the business activities and there is a requirement of advanced functionalities, the configuration is growing and becoming more complicated. The growing demand and complexity also make these web applications a preferred target for intruders on the internet. Even with the support of security specialists, they remain highly problematic for the complexity of penetration and code reviewing methods. It requires considering different testing patterns in both codes reviewing and penetration testing. As a result, the number of hacked… More >

Bader Rasheed¹, Adil Khan¹, S. M. Ahsan Kazmi², Rasheed Hussain², Md. Jalil Piran^3,*, Doug Young Suh⁴

CMC-Computers, Materials & Continua, Vol.68, No.1, pp. 921-939, 2021, DOI:10.32604/cmc.2021.015452

Abstract Detecting malicious Uniform Resource Locators (URLs) is crucially important to prevent attackers from committing cybercrimes. Recent researches have investigated the role of machine learning (ML) models to detect malicious URLs. By using ML algorithms, first, the features of URLs are extracted, and then different ML models are trained. The limitation of this approach is that it requires manual feature engineering and it does not consider the sequential patterns in the URL. Therefore, deep learning (DL) models are used to solve these issues since they are able to perform featureless detection. Furthermore, DL models give better accuracy and generalization to newly… More >

Chaochao Luo¹, Shen Su^{2, *}, Yanbin Sun², Qingji Tan³, Meng Han⁴, Zhihong Tian^{2, *}

CMC-Computers, Materials & Continua, Vol.62, No.1, pp. 399-411, 2020, DOI:10.32604/cmc.2020.06507

Abstract Since the web service is essential in daily lives, cyber security becomes more and more important in this digital world. Malicious Uniform Resource Locator (URL) is a common and serious threat to cybersecurity. It hosts unsolicited content and lure unsuspecting users to become victim of scams, such as theft of private information, monetary loss, and malware installation. Thus, it is imperative to detect such threats. However, traditional approaches for malicious URLs detection that based on the blacklists are easy to be bypassed and lack the ability to detect newly generated malicious URLs. In this paper, we propose a novel malicious… More >