Search Results (22)
  • Open Access

    ARTICLE

    Syntax-Aware Hierarchical Attention Networks for Code Vulnerability Detection

    Yongbo Jiang, Shengnan Huang, Tao Feng, Baofeng Duan*

    CMC-Computers, Materials & Continua, Vol.86, No.1, pp. 1-22, 2026, DOI:10.32604/cmc.2025.069423 - 10 November 2025

    Abstract In the context of modern software development characterized by increasing complexity and compressed development cycles, traditional static vulnerability detection methods face prominent challenges including high false positive rates and missed detections of complex logic due to their over-reliance on rule templates. This paper proposes a Syntax-Aware Hierarchical Attention Network (SAHAN) model, which achieves high-precision vulnerability detection through grammar-rule-driven multi-granularity code slicing and hierarchical semantic fusion mechanisms. The SAHAN model first generates Syntax Independent Units (SIUs), which slices the code based on Abstract Syntax Tree (AST) and predefined grammar rules, retaining vulnerability-sensitive contexts. Following this, through…

  • Open Access

    ARTICLE

    Compatible Remediation for Vulnerabilities in the Presence and Absence of Security Patches

    Xiaohu Song1, Zhiliang Zhu2,*

    CMC-Computers, Materials & Continua, Vol.86, No.1, pp. 1-19, 2026, DOI:10.32604/cmc.2025.068930 - 10 November 2025

    Abstract Vulnerabilities are a known problem in modern Open Source Software (OSS). Most developers often rely on third-party libraries to accelerate feature implementation. However, these libraries may contain vulnerabilities that attackers can exploit to propagate malicious code, posing security risks to dependent projects. Existing research addresses these challenges through Software Composition Analysis (SCA) for vulnerability detection and remediation. Nevertheless, current solutions may introduce additional issues, such as incompatibilities, dependency conflicts, and additional vulnerabilities. To address this, we propose Vulnerability Scan and Protection (), a robust solution for detection and remediation vulnerabilities in Java projects. Specifically, builds…

  • Open Access

    REVIEW

    Static Analysis Techniques for Secure Software: A Systematic Review

    Brian Mweu1,*, John Ndia2

    Journal of Cyber Security, Vol.7, pp. 417-437, 2025, DOI:10.32604/jcs.2025.071765 - 10 October 2025

    Abstract Static analysis methods are crucial in developing secure software, as they allow for the early identification of vulnerabilities before the software is executed. This systematic review follows Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) 2020 guidelines to assess static analysis techniques for software security enhancement. We systematically searched IEEE Xplore, Association for Computing Machinery (ACM) Digital Library, SpringerLink, and ScienceDirect for journal articles published between 2017 and 2025. The review examines hybrid analyses and machine learning integration to enhance vulnerability detection accuracy. Static analysis tools enable early fault detection but face persistent challenges.

  • Open Access

    ARTICLE

    Interpretable Vulnerability Detection in LLMs: A BERT-Based Approach with SHAP Explanations

    Nouman Ahmad*, Changsheng Zhang

    CMC-Computers, Materials & Continua, Vol.85, No.2, pp. 3321-3334, 2025, DOI:10.32604/cmc.2025.067044 - 23 September 2025

    Abstract Source code vulnerabilities present significant security threats, necessitating effective detection techniques. Rigid rule-sets and pattern matching are the foundation of traditional static analysis tools, which drown developers in false positives and miss context-sensitive vulnerabilities. Large Language Models (LLMs) like BERT, in particular, are examples of artificial intelligence (AI) that exhibit promise but frequently lack transparency. In order to overcome the issues with model interpretability, this work suggests a BERT-based LLM strategy for vulnerability detection that incorporates Explainable AI (XAI) methods like SHAP and attention heatmaps. Furthermore, to ensure auditable and comprehensible choices, we present a…

  • Open Access

    REVIEW

    Towards Secure APIs: A Survey on RESTful API Vulnerability Detection

    Fatima Tanveer1, Faisal Iradat1,*, Waseem Iqbal2,*, Awais Ahmad3

    CMC-Computers, Materials & Continua, Vol.84, No.3, pp. 4223-4257, 2025, DOI:10.32604/cmc.2025.067536 - 30 July 2025

    Abstract RESTful APIs have been adopted as the standard way of developing web services, allowing for smooth communication between clients and servers. Their simplicity, scalability, and compatibility have made them crucial to modern web environments. However, the increased adoption of RESTful APIs has simultaneously exposed these interfaces to significant security threats that jeopardize the availability, confidentiality, and integrity of web services. This survey focuses exclusively on RESTful APIs, providing an in-depth perspective distinct from studies addressing other API types such as GraphQL or SOAP. We highlight concrete threats—such as injection attacks and insecure direct object references…

  • Open Access

    ARTICLE

    Multi-Phase Modeling for Vulnerability Detection & Patch Management: An Analysis Using Numerical Methods

    Adarsh Anand1, Divya1, Deepti Aggrawal2, Omar H. Alhazmi3,*

    CMC-Computers, Materials & Continua, Vol.84, No.1, pp. 1529-1544, 2025, DOI:10.32604/cmc.2025.063361 - 09 June 2025

    Abstract Software systems are vulnerable to security breaches as they expand in complexity and functionality. The confidentiality, integrity, and availability of data are gravely threatened by flaws in a system’s design, implementation, or configuration. To guarantee the durability & robustness of the software, vulnerability identification and fixation have become crucial areas of focus for developers, cybersecurity experts and industries. This paper presents a thorough multi-phase mathematical model for efficient patch management and vulnerability detection. To uniquely model these processes, the model incorporated the notion of the learning phenomenon in describing vulnerability fixation using a logistic learning…

  • Open Access

    ARTICLE

    Smart Contract Vulnerability Detection Using Large Language Models and Graph Structural Analysis

    Ra-Yeon Choi1, Yeji Song2, Minsoo Jang1, Taekyung Kim3, Jinhyun Ahn4,*, Dong-Hyuk Im5,*

    CMC-Computers, Materials & Continua, Vol.83, No.1, pp. 785-801, 2025, DOI:10.32604/cmc.2025.061185 - 26 March 2025

    Abstract Smart contracts are self-executing programs on blockchains that manage complex business logic with transparency and integrity. However, their immutability after deployment makes programming errors particularly critical, as such errors can be exploited to compromise blockchain security. Existing vulnerability detection methods often rely on fixed rules or target specific vulnerabilities, limiting their scalability and adaptability to diverse smart contract scenarios. Furthermore, natural language processing approaches for source code analysis frequently fail to capture program flow, which is essential for identifying structural vulnerabilities. To address these limitations, we propose a novel model that integrates textual and structural…

  • Open Access

    PROCEEDINGS

    Automated Vulnerability Detection Using Deep Learning Technique

    Guan-Yan Yang1,*, Yi-Heng Ko1, Farn Wang1, Kuo-Hui Yeh2, Haw-Shiang Chang1, Hsueh Yi Chen1

    The International Conference on Computational & Experimental Engineering and Sciences, Vol.32, No.1, pp. 1-4, 2024, DOI:10.32604/icces.2024.013297

    Abstract 1 Introduction
    Ensuring the absence of exploitable vulnerabilities within applications has always been a critical aspect of software development [1-3]. Traditional code security testing methods often rely on manual inspection or rule-based approaches, which can be time-consuming and prone to human errors. With the recent advancements in natural language processing, deep learning has emerged as a viable approach for code security testing. In this work, we investigated the application of deep learning techniques to code security testing to enhance the efficiency and effectiveness of security analysis in the software development process. In 2022, Wartschinski et al.…

  • Open Access

    ARTICLE

    KubeFuzzer: Automating RESTful API Vulnerability Detection in Kubernetes

    Tao Zheng1, Rui Tang1,2,3, Xingshu Chen1,2,3,*, Changxiang Shen1

    CMC-Computers, Materials & Continua, Vol.81, No.1, pp. 1595-1612, 2024, DOI:10.32604/cmc.2024.055180 - 15 October 2024

    Abstract RESTful API fuzzing is a promising method for automated vulnerability detection in Kubernetes platforms. Existing tools struggle with generating lengthy, high-semantic request sequences that can pass Kubernetes API gateway checks. To address this, we propose KubeFuzzer, a black-box fuzzing tool designed for Kubernetes RESTful APIs. KubeFuzzer utilizes Natural Language Processing (NLP) to extract and integrate semantic information from API specifications and response messages, guiding the generation of more effective request sequences. Our evaluation of KubeFuzzer on various Kubernetes clusters shows that it improves code coverage by 7.86% to 36.34%, increases the successful response rate by…

  • Open Access

    REVIEW

    A Systematic Review and Performance Evaluation of Open-Source Tools for Smart Contract Vulnerability Detection

    Yaqiong He, Jinlin Fan*, Huaiguang Wu

    CMC-Computers, Materials & Continua, Vol.80, No.1, pp. 995-1032, 2024, DOI:10.32604/cmc.2024.052887 - 18 July 2024

    Abstract With the rise of blockchain technology, the security issues of smart contracts have become increasingly critical. Despite the availability of numerous smart contract vulnerability detection tools, many face challenges such as slow updates, usability issues, and limited installation methods. These challenges hinder the adoption and practicality of these tools. This paper examines smart contract vulnerability detection tools from 2016 to 2023, sourced from the Web of Science (WOS) and Google Scholar. By systematically collecting, screening, and synthesizing relevant research, 38 open-source tools that provide installation methods were selected for further investigation. From a developer’s perspective,…

Displaying 1-10 on page 1 of 22.