Search Results (20)
  • Open Access

    REVIEW

    Static Analysis Techniques for Secure Software: A Systematic Review

    Brian Mweu1,*, John Ndia2

    Journal of Cyber Security, Vol.7, pp. 417-437, 2025, DOI:10.32604/jcs.2025.071765 - 10 October 2025

    Abstract Static analysis methods are crucial in developing secure software, as they allow for the early identification of vulnerabilities before the software is executed. This systematic review follows Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) 2020 guidelines to assess static analysis techniques for software security enhancement. We systematically searched IEEE Xplore, Association for Computing Machinery (ACM) Digital Library, SpringerLink, and ScienceDirect for journal articles published between 2017 and 2025. The review examines hybrid analyses and machine learning integration to enhance vulnerability detection accuracy. Static analysis tools enable early fault detection but face persistent challenges.

  • Open Access

    ARTICLE

    Interpretable Vulnerability Detection in LLMs: A BERT-Based Approach with SHAP Explanations

    Nouman Ahmad*, Changsheng Zhang

    CMC-Computers, Materials & Continua, Vol.85, No.2, pp. 3321-3334, 2025, DOI:10.32604/cmc.2025.067044 - 23 September 2025

    Abstract Source code vulnerabilities present significant security threats, necessitating effective detection techniques. Rigid rule-sets and pattern matching are the foundation of traditional static analysis tools, which drown developers in false positives and miss context-sensitive vulnerabilities. Large Language Models (LLMs) like BERT, in particular, are examples of artificial intelligence (AI) that exhibit promise but frequently lack transparency. In order to overcome the issues with model interpretability, this work suggests a BERT-based LLM strategy for vulnerability detection that incorporates Explainable AI (XAI) methods like SHAP and attention heatmaps. Furthermore, to ensure auditable and comprehensible choices, we present a…

  • Open Access

    REVIEW

    Towards Secure APIs: A Survey on RESTful API Vulnerability Detection

    Fatima Tanveer1, Faisal Iradat1,*, Waseem Iqbal2,*, Awais Ahmad3

    CMC-Computers, Materials & Continua, Vol.84, No.3, pp. 4223-4257, 2025, DOI:10.32604/cmc.2025.067536 - 30 July 2025

    Abstract RESTful APIs have been adopted as the standard way of developing web services, allowing for smooth communication between clients and servers. Their simplicity, scalability, and compatibility have made them crucial to modern web environments. However, the increased adoption of RESTful APIs has simultaneously exposed these interfaces to significant security threats that jeopardize the availability, confidentiality, and integrity of web services. This survey focuses exclusively on RESTful APIs, providing an in-depth perspective distinct from studies addressing other API types such as GraphQL or SOAP. We highlight concrete threats—such as injection attacks and insecure direct object references…

  • Open Access

    ARTICLE

    Multi-Phase Modeling for Vulnerability Detection & Patch Management: An Analysis Using Numerical Methods

    Adarsh Anand1, Divya1, Deepti Aggrawal2, Omar H. Alhazmi3,*

    CMC-Computers, Materials & Continua, Vol.84, No.1, pp. 1529-1544, 2025, DOI:10.32604/cmc.2025.063361 - 09 June 2025

    Abstract Software systems are vulnerable to security breaches as they expand in complexity and functionality. The confidentiality, integrity, and availability of data are gravely threatened by flaws in a system’s design, implementation, or configuration. To guarantee the durability & robustness of the software, vulnerability identification and fixation have become crucial areas of focus for developers, cybersecurity experts and industries. This paper presents a thorough multi-phase mathematical model for efficient patch management and vulnerability detection. To uniquely model these processes, the model incorporated the notion of the learning phenomenon in describing vulnerability fixation using a logistic learning…

  • Open Access

    ARTICLE

    Smart Contract Vulnerability Detection Using Large Language Models and Graph Structural Analysis

    Ra-Yeon Choi1, Yeji Song2, Minsoo Jang1, Taekyung Kim3, Jinhyun Ahn4,*, Dong-Hyuk Im5,*

    CMC-Computers, Materials & Continua, Vol.83, No.1, pp. 785-801, 2025, DOI:10.32604/cmc.2025.061185 - 26 March 2025

    Abstract Smart contracts are self-executing programs on blockchains that manage complex business logic with transparency and integrity. However, their immutability after deployment makes programming errors particularly critical, as such errors can be exploited to compromise blockchain security. Existing vulnerability detection methods often rely on fixed rules or target specific vulnerabilities, limiting their scalability and adaptability to diverse smart contract scenarios. Furthermore, natural language processing approaches for source code analysis frequently fail to capture program flow, which is essential for identifying structural vulnerabilities. To address these limitations, we propose a novel model that integrates textual and structural…

  • Open Access

    PROCEEDINGS

    Automated Vulnerability Detection Using Deep Learning Technique

    Guan-Yan Yang1,*, Yi-Heng Ko1, Farn Wang1, Kuo-Hui Yeh2, Haw-Shiang Chang1, Hsueh Yi Chen1

    The International Conference on Computational & Experimental Engineering and Sciences, Vol.32, No.1, pp. 1-4, 2024, DOI:10.32604/icces.2024.013297

    Abstract 1 Introduction
    Ensuring the absence of exploitable vulnerabilities within applications has always been a critical aspect of software development [1-3]. Traditional code security testing methods often rely on manual inspection or rule-based approaches, which can be time-consuming and prone to human errors. With the recent advancements in natural language processing, deep learning has emerged as a viable approach for code security testing. In this work, we investigated the application of deep learning techniques to code security testing to enhance the efficiency and effectiveness of security analysis in the software development process. In 2022, Wartschinski et al.…

  • Open Access

    ARTICLE

    KubeFuzzer: Automating RESTful API Vulnerability Detection in Kubernetes

    Tao Zheng1, Rui Tang1,2,3, Xingshu Chen1,2,3,*, Changxiang Shen1

    CMC-Computers, Materials & Continua, Vol.81, No.1, pp. 1595-1612, 2024, DOI:10.32604/cmc.2024.055180 - 15 October 2024

    Abstract RESTful API fuzzing is a promising method for automated vulnerability detection in Kubernetes platforms. Existing tools struggle with generating lengthy, high-semantic request sequences that can pass Kubernetes API gateway checks. To address this, we propose KubeFuzzer, a black-box fuzzing tool designed for Kubernetes RESTful APIs. KubeFuzzer utilizes Natural Language Processing (NLP) to extract and integrate semantic information from API specifications and response messages, guiding the generation of more effective request sequences. Our evaluation of KubeFuzzer on various Kubernetes clusters shows that it improves code coverage by 7.86% to 36.34%, increases the successful response rate by

  • Open Access

    REVIEW

    A Systematic Review and Performance Evaluation of Open-Source Tools for Smart Contract Vulnerability Detection

    Yaqiong He, Jinlin Fan*, Huaiguang Wu

    CMC-Computers, Materials & Continua, Vol.80, No.1, pp. 995-1032, 2024, DOI:10.32604/cmc.2024.052887 - 18 July 2024

    Abstract With the rise of blockchain technology, the security issues of smart contracts have become increasingly critical. Despite the availability of numerous smart contract vulnerability detection tools, many face challenges such as slow updates, usability issues, and limited installation methods. These challenges hinder the adoption and practicality of these tools. This paper examines smart contract vulnerability detection tools from 2016 to 2023, sourced from the Web of Science (WOS) and Google Scholar. By systematically collecting, screening, and synthesizing relevant research, 38 open-source tools that provide installation methods were selected for further investigation. From a developer’s perspective,…

  • Open Access

    ARTICLE

    BArcherFuzzer: An Android System Services Fuzzier via Transaction Dependencies of BpBinder

    Jiawei Qin1,2, Hua Zhang1,*, Hanbing Yan2, Tian Zhu2, Song Hu1, Dingyu Yan2

    Intelligent Automation & Soft Computing, Vol.39, No.3, pp. 527-544, 2024, DOI:10.32604/iasc.2024.047509 - 11 July 2024

    Abstract By the analysis of vulnerabilities of Android native system services, we find that some vulnerabilities are caused by inconsistent data transmission and inconsistent data processing logic between client and server. The existing research cannot find the above two types of vulnerabilities and the test cases of them face the problem of low coverage. In this paper, we propose an extraction method of test cases based on the native system services of the client and design a case construction method that supports multi-parameter mutation based on genetic algorithm and priority strategy. Based on the above method,

  • Open Access

    ARTICLE

    A New Framework for Software Vulnerability Detection Based on an Advanced Computing

    Bui Van Cong1, Cho Do Xuan2,*

    CMC-Computers, Materials & Continua, Vol.79, No.3, pp. 3699-3723, 2024, DOI:10.32604/cmc.2024.050019 - 20 June 2024

    Abstract The detection of software vulnerabilities written in C and C++ languages takes a lot of attention and interest today. This paper proposes a new framework called DrCSE to improve software vulnerability detection. It uses an intelligent computation technique based on the combination of two methods: Rebalancing data and representation learning to analyze and evaluate the code property graph (CPG) of the source code for detecting abnormal behavior of software vulnerabilities. To do that, DrCSE performs a combination of 3 main processing techniques: (i) building the source code feature profiles, (ii) rebalancing data, and (iii) contrastive…

Displaying 1-10 on page 1 of 20.