Yanmei Shi¹, Wei Yu^2,*, Yanxia Zhao^3,*, Yungang Jia⁴

CMES-Computer Modeling in Engineering & Sciences, Vol.140, No.1, pp. 887-906, 2024, DOI:10.32604/cmes.2024.046140

Abstract Web application fingerprint recognition is an effective security technology designed to identify and classify web applications, thereby enhancing the detection of potential threats and attacks. Traditional fingerprint recognition methods, which rely on preannotated feature matching, face inherent limitations due to the ever-evolving nature and diverse landscape of web applications. In response to these challenges, this work proposes an innovative web application fingerprint recognition method founded on clustering techniques. The method involves extensive data collection from the Tranco List, employing adjusted feature selection built upon Wappalyzer and noise reduction through truncated SVD dimensionality reduction. The core of the methodology lies in… More >

Seog Chung Seo¹, HeeSeok Kim^2,*

Computer Systems Science and Engineering, Vol.46, No.2, pp. 2091-2107, 2023, DOI:10.32604/csse.2023.035064

Abstract With the rapid development of quantum computers capable of realizing Shor’s algorithm, existing public key-based algorithms face a significant security risk. Crystals-Kyber has been selected as the only key encapsulation mechanism (KEM) algorithm in the National Institute of Standards and Technology (NIST) Post-Quantum Cryptography (PQC) competition. In this study, we present a portable and efficient implementation of a Crystals-Kyber post-quantum KEM based on WebAssembly (Wasm), a recently released portable execution framework for high-performance web applications. Until now, most Kyber implementations have been developed with native programming languages such as C and Assembly. Although there are a few previous Kyber implementations… More >

Xuyan Song, Yiting Qin, Xinyao Liu, Baojiang Cui^*, Junsong Fu

CMC-Computers, Materials & Continua, Vol.75, No.1, pp. 2061-2078, 2023, DOI:10.32604/cmc.2023.034505

Abstract Fileless webshell attacks against Java web applications have become more frequent in recent years as Java has gained market share. Webshell is a malicious script that can remotely execute commands and invade servers. It is widely used in attacks against web applications. In contrast to traditional file-based webshells, fileless webshells leave no traces on the hard drive, which means they are invisible to most antivirus software. To make matters worse, although there are some studies on fileless webshells, almost all of them are aimed at web applications developed in the PHP language. The complex mechanism of Java makes researchers face… More >

Tomás Sureda Riera^1,*, Juan Ramón Bermejo Higuera², Javier Bermejo Higuera², Juan Antonio Sicilia Montalvo², José Javier Martínez Herráiz¹

CMES-Computer Modeling in Engineering & Sciences, Vol.133, No.3, pp. 579-599, 2022, DOI:10.32604/cmes.2022.020976

Abstract Web applications represent one of the principal vehicles by which attackers gain access to an organization’s network or resources. Thus, different approaches to protect web applications have been proposed to date. Of them, the two major approaches areWeb Application Firewalls (WAF) and Runtime Application Self Protection (RASP). It is, thus, essential to understand the differences and relative effectiveness of both these approaches for effective decisionmaking regarding the security of web applications. Here we present a comparative study between WAF and RASP simulated settings, with the aim to compare their effectiveness and efficiency against different categories of attacks. For this, we… More >

Nadeem Fakhar Malik^1,*, Aamer Nadeem¹, Muddassar Azam Sindhu²

Intelligent Automation & Soft Computing, Vol.33, No.1, pp. 429-455, 2022, DOI:10.32604/iasc.2022.023423

Abstract The testing of Ajax (Asynchronous JavaScript and XML) web applications poses novel challenges for testers because Ajax constructs dynamic web applications by using Asynchronous communication and run time Document Object Model (DOM) manipulation. Ajax involves extreme dynamism, which induces novel kind of issues like state explosion, triggering state changes and unreachable states etc. that require more demanding web-testing methods. Model based testing is amongst the effective approaches to detect faults in web applications. However, the state model generated for an Ajax application can be enormous and may be hit by state explosion problem for large number of user action based… More >

Jesus Hamilton Ortiz¹, Osamah Ibrahim Khalaf², Fernando Velez Varela^3,*, Nicolas Minotta Rodriguez³, Christian Andres Mosquera Gil³

Journal on Internet of Things, Vol.3, No.3, pp. 87-97, 2021, DOI:10.32604/jiot.2021.014737

Abstract In recent years, the Internet has gradually developed into a mature tool, which can integrate technologies involved in different application scenarios. The Internet allows the integration of solutions to different problems, which benefits both users and companies. The Internet of Things is a further development of the Internet, which can further realize the interconnection of people, machines, and things. The work of this paper mainly focuses on the use of Internet of Things technology to achieve efficient management. A wireless device is designed in the paper, which can be integrated in a helmet. This helmet can be used in some… More >

Abdullah Alharbi¹, Masood Ahmad², Wael Alosaimi¹, Hashem Alyami³, Alka Agrawal², Rajeev Kumar^4,*, Abdul Wahid⁵, Raees Ahmad Khan²

Computer Systems Science and Engineering, Vol.41, No.2, pp. 557-567, 2022, DOI:10.32604/csse.2022.020843

Abstract Security has always been a vital research topic since the birth of web application. A great deal of research has been conducted to determine the ways of identifying and classifying security issues or goals However, in the recent years, it has been noticed that high secure web applications have less durability; thus reducing their business continuity. High security features of a web application are worthless unless they provide effective services to the user and meet the standards of commercial viability. Hence, there is a need to bridge the gap between security and durability of the web application. Indeed, security mechanisms… More >

Juan Ramón Bermejo Higuera¹, Javier Bermejo Higuera¹, Juan Antonio Sicilia Montalvo¹, Tomás Sureda Riera², Christopher I. Argyros³, Á. Alberto Magreñán^4,*

CMES-Computer Modeling in Engineering & Sciences, Vol.129, No.2, pp. 541-565, 2021, DOI:10.32604/cmes.2021.017213

Abstract Security weaknesses in web applications deployed in cloud architectures can seriously affect its data confidentiality and integrity. The construction of the procedure utilized in the static analysis tools of source code security differs and therefore each tool finds a different number of each weakness type for which it is designed. To utilize the possible synergies different static analysis tools may process, this work uses a new method to combine several source codes aiming to investigate how to increase the performance of security weakness detection while reducing the number of false positives. Specifically, five static analysis tools will be combined with… More >

Ahmed S. Alfakeeh¹, Abdulmohsen Almalawi², Fawaz Jaber Alsolami², Yoosef B. Abushark², Asif Irshad Khan^2,*, Adel Aboud S. Bahaddad¹, Alka Agrawal³, Rajeev Kumar⁴, Raees Ahmad Khan³

CMC-Computers, Materials & Continua, Vol.70, No.2, pp. 2297-2317, 2022, DOI:10.32604/cmc.2022.020146

Abstract Security is an important component in the process of developing healthcare web applications. We need to ensure security maintenance; therefore the analysis of healthcare web application's security risk is of utmost importance. Properties must be considered to minimise the security risk. Additionally, security risk management activities are revised, prepared, implemented, tracked, and regularly set up efficiently to design the security of healthcare web applications. Managing the security risk of a healthcare web application must be considered as the key component. Security is, in specific, seen as an add-on during the development process of healthcare web applications, but not as the… More >

Adil Hussain Seh¹, Jehad F. Al-Amri², Ahmad F. Subahi³, Md Tarique Jamal Ansari¹, Rajeev Kumar^4,*, Mohammad Ubaidullah Bokhari⁵, Raees Ahmad Khan¹

CMC-Computers, Materials & Continua, Vol.70, No.1, pp. 469-489, 2022, DOI:10.32604/cmc.2022.019593

Abstract Transformation from conventional business management systems to smart digital systems is a recurrent trend in the current era. This has led to digital revolution, and in this context, the hardwired technologies in the software industry play a significant role However, from the beginning, software security remains a serious issue for all levels of stakeholders. Software vulnerabilities lead to intrusions that cause data breaches and result in disclosure of sensitive data, compromising the organizations’ reputation that translates into, financial losses as well. Most of the data breaches are financially motivated, especially in the healthcare sector. The cyber invaders continuously penetrate the… More >