Web Application Security Research Papers

2025, IFIP Advances in Information and Communication Technology

Cross-Site Request Forgery (CSRF) is listed in the top ten list of the Open Web Application Security Project (OWASP) as one of the most critical threats to web security. A number of protection mechanisms against CSRF exist, but an attacker can often exploit the complexity of modern web applications to bypass these protections by abusing other flaws. We present a formal model-based technique for automatic detection of CSRF. We describe how a web application should be specified in order to facilitate the exposition of CSRF-related vulnerabilities. We use an intruder model, à la Dolev-Yao, and discuss how CSRF attacks may result from the interactions between the intruder and the cryptographic protocols underlying the web application. We demonstrate the effectiveness and usability of our technique with three real-world case studies.
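
The abstract above treats CSRF detection at the level of a formal model; the concrete server-side checks that such a model would have to capture are shown below as an added example (not code from the paper and not its model-based technique). The request and session shapes are plain dictionaries assumed for this illustration rather than any framework's API, and ALLOWED_ORIGINS is an assumed deployment value.

```python
"""Server-side CSRF check: Origin/Referer validation plus a per-session
synchronizer token compared in constant time.

Added example, not code from the paper.  The request and session
shapes are plain dictionaries assumed for this illustration, not any
framework's API; ALLOWED_ORIGINS is an assumed deployment value.
"""
import hmac
import secrets
from typing import Optional, Tuple
from urllib.parse import urlsplit

ALLOWED_ORIGINS = {"https://app.example"}   # assumed: the site's own origin
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}   # must never change state


def new_session_token() -> str:
    """Fresh unguessable token; store it server-side, bound to the session."""
    return secrets.token_urlsafe(32)


def origin_of(header_value: Optional[str]) -> Optional[str]:
    """Reduce an Origin or Referer header to scheme://host[:port]."""
    if not header_value:
        return None
    parts = urlsplit(header_value)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}"


def csrf_check(request: dict, session: dict) -> Tuple[bool, str]:
    """Decide whether a request may perform a state change.

    request: {"method": str, "headers": {name: value}, "form": {name: value}}
    session: {"csrf_token": str}, the server-side record for the user's cookie
    Returns (allowed, reason).
    """
    if request["method"].upper() in SAFE_METHODS:
        return True, "safe method"

    headers = {k.lower(): v for k, v in request.get("headers", {}).items()}

    # Layer 1: browsers set Origin on POST requests and a page on
    # evil.example cannot forge it.  Origin may be absent or "null" under
    # some privacy settings, so the token below stays the primary control.
    origin = origin_of(headers.get("origin") or headers.get("referer"))
    if origin is None:
        return False, "missing Origin/Referer on state-changing request"
    if origin not in ALLOWED_ORIGINS:
        return False, f"cross-origin request from {origin}"

    # Layer 2: synchronizer token.  The attacker's page cannot read our
    # pages (same-origin policy), so a forged form cannot carry the token.
    expected = session.get("csrf_token")
    supplied = request.get("form", {}).get("csrf_token") or headers.get("x-csrf-token")
    if not expected or not supplied:
        return False, "missing CSRF token"
    # Constant-time comparison: a plain == could leak the token byte by
    # byte through response timing.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "CSRF token mismatch"
    return True, "ok"


if __name__ == "__main__":
    session = {"csrf_token": new_session_token()}
    legit = {"method": "POST", "headers": {"Origin": "https://app.example"},
             "form": {"amount": "10", "csrf_token": session["csrf_token"]}}
    forged = {"method": "POST", "headers": {"Origin": "https://evil.example"},
              "form": {"amount": "10"}}
    print(csrf_check(legit, session))
    print(csrf_check(forged, session))
```

Both layers are needed: the Origin check alone fails open when the header is missing, and the token alone is undone by any same-site flaw (an XSS, a subdomain takeover) that lets the attacker read it. That interaction with other flaws is exactly the bypass class the abstract describes.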

2025, Lecture Notes in Computer Science

This paper provides a solution intended to help develop web services-based e-business and web services-based business process monitoring. The solution addresses issues such as security models and access control policy, asynchronous transaction support, and the reliability of transactions in the development of e-business. Moreover, we provide a mechanism to define the web services provided by supplier organizations and to record their business objectives to enable performance measurement.

2025, ANÁLISIS DE UN ATAQUE DE INGENIERÍA SOCIAL

This review article presents a fictitious case study of a social engineering attack targeting a telecommunications company in Bolivia. The objective is to analyse how psychological manipulation techniques can compromise institutional security even without exploiting technical weaknesses.
The document breaks the attack down into its four main stages: information gathering, pretext development, execution, and reporting. From the attacker's perspective, it shows how social engineering was used to obtain remote access to critical systems by deceiving a support technician. From the victim's perspective, it analyses the human failures, the operational and reputational impacts, and the lessons learned.

2025

The Apollo data breach in 2018 exposed over 125 million unique email addresses and nearly nine billion data points, a significant cybersecurity catastrophe for the sales intelligence firm. This essay analyzes the causes and effects of the breach using common cybersecurity frameworks (the CIA Triad, the McCumber Cube, and the NIST Framework) and offers specialist lessons. By examining Apollo's failure to establish straightforward security boundaries and data protection protocols, this study proposes combined strategies for protecting client data, achieving regulatory compliance, and cultivating operational resiliency among nascent IT organizations.

2025, Information Security Conference

Malicious web pages are an emerging security concern on the Internet due to their popularity and their potentially serious impact. Detecting and analysing them is very costly because of their qualities and complexities. In this paper, we present a lightweight scoring mechanism that uses static features to identify potentially malicious pages. This mechanism is intended as a filter that allows us to reduce the number of suspicious web pages requiring more expensive analysis by other mechanisms, which must load and interpret the pages to determine whether they are malicious or benign. Given its role as a filter, our main aim is to reduce false positives while minimising false negatives. The scoring mechanism has been developed by identifying candidate static features of malicious web pages, which are evaluated using a feature selection algorithm. This identifies the most appropriate set of features that can be used to efficiently distinguish between benign and malicious web pages. These features are used to construct a scoring algorithm that calculates a score for a web page's potential maliciousness. The main advantage of this scoring mechanism compared to a binary classifier is the ability to trade off accuracy against performance: the number of web pages passed to the more expensive analysis mechanism can be adjusted to tune overall performance.
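
The shape of such a pre-filter, as an added example that is not the paper's scoring mechanism: the features, weights and threshold below are assumed for illustration (the paper derives its feature set by feature selection, which this example does not reproduce), and the two sample pages are constructed.

```python
"""Lightweight static pre-filter for suspicious HTML pages.

Added example, not the paper's scoring mechanism: the features, weights
and threshold below are assumed for illustration (the paper derives its
feature set by feature selection).  Sample pages are constructed.
"""
import re
from html.parser import HTMLParser

# Assumed weights.  Higher weight = stronger indicator of drive-by content.
WEIGHTS = {
    "hidden_iframes": 3.0,         # 0x0 / display:none iframes that pull a third-party URL
    "obfuscation_calls": 1.5,      # eval/unescape/fromCharCode/document.write in scripts
    "long_escaped_strings": 2.0,   # runs of %XX / \xXX / \uXXXX of 20+ units
    "external_script_hosts": 0.5,  # distinct hosts scripts are pulled from
    "script_tags": 0.2,            # raw count of <script> elements
}
OBFUSCATION_RE = re.compile(r"\beval\s*\(|\bunescape\s*\(|fromCharCode|document\.write\s*\(")
ESCAPED_RUN_RE = re.compile(r"(?:%[0-9a-fA-F]{2}|\\x[0-9a-fA-F]{2}|\\u[0-9a-fA-F]{4}){20,}")


class _Collector(HTMLParser):
    """Gather the raw observations the features are computed from."""

    def __init__(self):
        super().__init__()
        self.script_tags = 0
        self.hidden_iframes = 0
        self.external_script_hosts = set()
        self.script_text = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self.script_tags += 1
            self._in_script = True
            m = re.match(r"https?://([^/]+)", a.get("src") or "")
            if m:
                self.external_script_hosts.add(m.group(1).lower())
        elif tag == "iframe":
            style = (a.get("style") or "").replace(" ", "").lower()
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            if tiny or "display:none" in style or "visibility:hidden" in style:
                self.hidden_iframes += 1

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:           # HTMLParser hands script bodies here as raw text
            self.script_text.append(data)


def static_features(html: str) -> dict:
    c = _Collector()
    c.feed(html)
    js = "\n".join(c.script_text)     # script bodies only; inline on* handlers are out of scope here
    return {
        "hidden_iframes": c.hidden_iframes,
        "obfuscation_calls": len(OBFUSCATION_RE.findall(js)),
        "long_escaped_strings": len(ESCAPED_RUN_RE.findall(js)),
        "external_script_hosts": len(c.external_script_hosts),
        "script_tags": c.script_tags,
    }


def maliciousness_score(html: str) -> float:
    f = static_features(html)
    return sum(WEIGHTS[name] * f[name] for name in WEIGHTS)


def needs_dynamic_analysis(html: str, threshold: float = 4.0) -> bool:
    """The threshold is the accuracy/throughput knob: lower it to send more
    pages to the expensive analyser, raise it to send fewer."""
    return maliciousness_score(html) >= threshold


# Constructed sample pages (not real sites).
BENIGN_PAGE = """<html><head><title>Shop</title>
<script src="https://cdn.example/app.js"></script></head>
<body><h1>Welcome</h1><p>Hello</p><script>console.log("ready");</script></body></html>"""

SUSPICIOUS_PAGE = """<html><body>
<iframe src="http://bad.example/x.php" width="0" height="0"></iframe>
<script>var p = unescape("%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E%20%20%20");
eval(p); document.write(p);</script></body></html>"""

if __name__ == "__main__":
    for name, page in (("benign", BENIGN_PAGE), ("suspicious", SUSPICIOUS_PAGE)):
        print(name, static_features(page), round(maliciousness_score(page), 2),
              needs_dynamic_analysis(page))
```

Because the score is additive, a page can only be dropped by the filter when it shows none of the weighted signals; any single strong signal (a hidden iframe, an escaped payload) is enough to forward it, which is the bias towards low false negatives the abstract asks of a filter.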

2025, World Journal of Innovation and Modern Technology

The challenges ranging from human error, repetitive manual labour and unnecessary delays to orthodox and conventional operating processes experienced in parts of the cement manufacturing industry are the motivation for this study. Artificial Intelligence has emerged as a transformative technology that has reshaped the business landscape across various industries, including the cement industry. This study therefore assessed the effect of Artificial Intelligence on sustainable performance in the cement manufacturing industry. Specifically, the study investigated how AI-driven operational efficiency systems, AI-driven innovative product quality systems and AI-driven competitiveness systems enhance sustainable performance in cement manufacturing companies in Nigeria. Relevant literature was reviewed and the study was anchored on the diffusion of innovation theory. The study adopted a positivist ontology and used a descriptive research design with a survey approach. The population and sample size were obtained and the respondents were accessed using the research instrument. The instrument was validated and the reliability of the measuring instrument was established. The formulated hypotheses were tested using the structural equation modelling statistical technique at a 5% level of significance. The findings showed that an AI-driven operational efficiency system has a very significant and positive effect on sustainable performance in the selected cement manufacturing firms in Nigeria. The findings also showed that an AI-driven innovative product quality system has a very significant and positive effect on sustainable performance. The study established that an AI-driven competitiveness system has a significant and positive effect on sustainable performance in cement manufacturing firms in Nigeria.
The researchers recommend, among other things, that cement manufacturing firms should continue to prioritize strategic investment in AI technologies for enhanced production and operational efficiency in the areas of predictive maintenance, real-time process monitoring and automated quality control, for sustained performance. They should also develop further strategies, through sensitization workshops and AI-driven initiatives, aimed at improving competitiveness for sustained performance in the cement manufacturing industry in Nigeria.

2025, International Journal of Computer Applications Technology and Research

Voice assistants are increasingly being integrated into healthcare environments for data entry, enhancing efficiency and accessibility for healthcare providers. However, using these systems raises critical security and privacy concerns due to the sensitive nature of health data and the unique vulnerabilities of voice-enabled technologies. This paper examines the security and privacy implications of using voice assistants for data entry in healthcare settings, exploring risks associated with data interception, unauthorized access, and inadvertent information leakage. We analyze how voice assistant systems process, store, and transmit data, identifying potential attack vectors and privacy vulnerabilities. The paper also reviews existing regulations and standards, such as HIPAA, that impact the deployment of voice-enabled systems in healthcare. To address these challenges, we propose a framework for secure voice data entry, incorporating multi-layered authentication, encryption, and real-time anomaly detection. Our findings underscore the need for healthcare providers to adopt robust security protocols and privacy practices to ensure compliance and protect patient confidentiality. This research contributes to a growing body of knowledge aimed at the safe and ethical integration of voice assistants in healthcare, providing guidelines for technology developers and healthcare administrators.

2025, International Journal of Information System Modeling and Design

Most web applications are hosted in the cloud because of the low cost and the minimal infrastructure setup required. In this paper, self web hosting and cloud web hosting are compared on different security parameters, such as key generation (PKI), automatic authentication and protection of intra-tenant networks, secure logging of system events, spam filtering, CAPTCHA generation and authentication, and software widgets such as password metering. These parameters are classified into seven categories, and the review has been conducted on the basis of these categories. A bibliometric analysis was conducted over more than 70 studies found in the Web of Science (WoS) database using the bibliometrix library and the biblioshiny package in R. The outcome of this analysis is presented in tabular form, and the open challenges of both technologies are discussed in detail along with proposed solutions.

2025, Journal of Science & Technology

The research aims to improve financial security in the national health insurance market by integrating blockchain technology with cloud-based technologies. The research goals are to provide financial transparency in health insurance schemes, minimise fraud, and improve data privacy. The suggested method offers a solid response to the present problems with financial management in the healthcare industry by utilising the benefits of blockchain technology, such as tamper-proof data storage and decentralised transaction confirmation. The study also looks at how the Nudge theory might help consumers make wise privacy choices while upholding high standards of security and confidence in open banking systems. In-depth reviews of previous research, case studies, and assessments of the functionality of current systems are all part of the methodology. The results show that integrating blockchain with cloud computing can greatly increase the security and efficiency of financial transactions related to health insurance. However, issues remain to be resolved, including blockchain connection with current systems, regulatory compliance, and technological adoption. Recommendations for further research and real-world

2025, ICACT 2024 1st International Conference on Advanced Computing Technologies, NSBM Green University, Homagama, Sri Lanka

In the contemporary digital landscape, websites are essential to online activities, utilizing technologies such as HTML, CSS, and JavaScript. However, the increasing complexity of web applications elevates their susceptibility to security vulnerabilities like SQL injection and Cross-Site Scripting (XSS), which can result in significant data breaches, service disruptions, and exploitation of sensitive information. This paper presents an onsite vulnerability scanner specifically designed for web developers to detect these vulnerabilities before deployment. Developed using Agile methodology, the scanner utilizes a robust technology stack, including Python for backend operations and the MEAN stack (MongoDB, Express.js, Angular, Node.js) for an intuitive user interface. The scanner's value lies in its ability to proactively identify and report common yet critical vulnerabilities, thereby enabling developers to address potential security issues early in the development process. Additionally, the tool incorporates features for user feedback and inquiries, supporting continuous improvement and adaptability. By integrating this scanner into their development workflow, developers can significantly enhance the security of their web applications, protecting against prevalent and potentially devastating security threats.

2025, ICOBI

The evolution of cyber-attacks has imposed serious threats, challenging the confidentiality, integrity and availability of critical IT services and infrastructure. Security being the main concern of any web application or website, such applications require the most sophisticated and robust security features, as they create a digital identity and a unique representation of the organization in cyberspace. This criticality makes web applications one of the main focal points for cyber-attacks, leading to excessive use of organizational financial and human resources to implement security controls. It was identified that Operational Criticality (OC), a measure of availability, together with Data Criticality (DC), which signifies data confidentiality and integrity, are important factors for the continuous functionality of a web application. OC was defined on the basis of four questions (section 3.1) that identify the standard measures used in evaluating the high-availability factors of a system, such as Mean Time to Detect (MTTD), Mean Time to Repair (MTTR) and Mean Time Between Failures (MTBF), along with the business continuity measure Maximum Tolerable Downtime (MTD). Data was classified into four levels, public, sensitive, confidential and critical, based on NIST 800-53, GDPR and ISO 27001:2022. DC was identified on the basis of four questions (section 3.2) while defining the security and access restrictions that need to be implemented in alignment with the proposed classification. Relying on the OC and DC evaluation, five zones were defined: A, B, C, D and E. By applying the concept to a few of the commonly used web applications in the university environment, the results showed that the proposed concept of zones is aligned with the security service levels used in IT security evaluations.
Overall, this research intends to discuss and provide insight into the issues of selecting security frameworks for web applications in an ad hoc manner, and proposes critical parameters and an evaluation process for defining a suitable security framework.
Keywords: web application security, security frameworks

2025

The mobile phone presents a significant technical innovation to the news industry, as it can be a powerful reporting tool. Journalists who are aware of this can use their mobile phones for reporting, shooting videos and photos, recording audio clips, processing content and disseminating it. However, it is not yet clear to what extent the mobile phone is affecting journalism practices in Rwanda, where media organizations do not yet have enough equipment and the mobile phone can serve as a substitute. This survey study intends to assess the place of the mobile phone in news production. The study dealt with journalists operating in Rwanda who are members of the Rwanda Association of Journalists, of which 235 respondents were randomly selected. The findings revealed that participants in the study are aware of, and have a very positive perception of, the role the mobile phone may play in streamlining journalists' tasks. Nonetheless, the integration of the device into journalistic tasks is still low. Poor quali...

2025, WORLD JOURNAL OF INNOVATION AND MODERN TECHNOLOGY

The study was necessitated by the need to provide strategies for the effective protection of electrical installations in tertiary institutions in Rivers State. Three research questions and hypotheses guided the study. The study adopted a descriptive survey research design. The entire population of 109 security guards in tertiary institutions in Rivers State was studied without sampling. A structured questionnaire validated by experts was used for data collection. The Cronbach's alpha reliability method was used to establish the internal consistency of the items, which yielded an overall coefficient of 0.79. The data collected were analyzed using mean and standard deviation to answer the research questions, while ANOVA was used to test the hypotheses at the .05 level of significance. Findings revealed that security guards agreed that solar-powered security lights, cameras and alarm systems are effective strategies for the protection of electrical installations in tertiary institutions in Rivers State, and that years of experience did not significantly influence their opinion. It was concluded that the adoption of these strategies will provide effective protection of electrical installations. The study recommended, among other things, that the management of tertiary institutions should be encouraged to install solar-powered security lights, cameras and alarm systems at all critical electrical installations in their institutions.

2025, International Journal for Research in Applied Science & Engineering Technology (IJRASET)

Legacy systems, characterized by their heterogeneity and outdated coding practices, present significant security challenges in modern software infrastructure. Recent advances in Large Language Models (LLMs) and Retrieval Augmented Generation (RAG) offer promising solutions for vulnerability detection, as demonstrated by successful implementations of knowledge-level retrieval frameworks [1]. This research proposes LegacyGuard, a hybrid framework that integrates state-of-the-art code-specific LLMs with traditional static analysis and RAG-enhanced knowledge retrieval to detect vulnerabilities in multilingual legacy codebases. The framework leverages LLM-based semantic analysis for deep code understanding, while incorporating external vulnerability intelligence through RAG to enhance detection accuracy. Through systematic evaluation using precision, recall, and F1-score metrics, this work aims to demonstrate improved vulnerability detection rates and provide actionable insights through chain-of-thought reasoning. The modular architecture ensures extensibility and adaptability for future security analysis applications, contributing to both the theoretical foundations and practical implementations of AI-driven vulnerability detection in legacy systems.

2025, Cyber Security - Indonesia

Cross-Site Scripting (XSS) remains one of the most prevalent web application security vulnerabilities despite decades of research and awareness. This paper presents a comprehensive analysis of XSS vulnerabilities, examining their evolution from simple attack vectors to sophisticated exploitation techniques that bypass modern defenses. Through systematic investigation of 120 real-world XSS vulnerabilities discovered between 2020-2024, we identify emerging patterns in attack methodologies and defense evasion techniques. This research introduces a novel classification framework for XSS vulnerabilities based on both attack delivery mechanisms and defensive context, allowing for more precise threat modeling. Additionally, we propose an enhanced Content Security Policy (CSP) implementation framework that demonstrated a 97.8% reduction in successful XSS exploitation during controlled testing across diverse web applications. Our findings indicate that while the fundamental nature of XSS vulnerabilities has remained consistent, the exploitation techniques and attack surfaces have evolved significantly, necessitating adaptive defense strategies that combine code-level protections with robust runtime enforcement mechanisms. This paper contributes to the security literature by bridging the gap between theoretical XSS defense models and practical implementation challenges in modern web applications.
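
The "robust runtime enforcement" the abstract refers to is, in practice, a nonce-based CSP. The code below is an added example, not the paper's CSP implementation framework and not its measured policy: it builds a strict per-response policy, lints a page template for scripts that policy would refuse, and flags the weaknesses in a policy string that still let injected script run. The policy directives and the sample markup are assumed for illustration.

```python
"""Nonce-based Content Security Policy: header construction, a lint for
pages that must carry the nonce, and a check for weak policy strings.

Added example, not the paper's CSP framework.  The policy string and
sample markup are assumed for illustration.
"""
import secrets
from html.parser import HTMLParser


def new_nonce() -> str:
    """One fresh nonce per response; never reuse it or make it predictable."""
    return secrets.token_urlsafe(16)


def strict_csp(nonce: str) -> str:
    # 'strict-dynamic' lets scripts loaded by a nonced script run without
    # allow-listing every CDN host, and makes browsers ignore host lists.
    return ("default-src 'self'; "
            f"script-src 'nonce-{nonce}' 'strict-dynamic'; "
            "object-src 'none'; base-uri 'none'; frame-ancestors 'none'")


def parse_csp(header: str) -> dict:
    """'directive value value; ...' -> {directive: [values]}"""
    directives = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def policy_weaknesses(header: str) -> list:
    """Findings that would let a reflected or stored XSS payload execute."""
    d = parse_csp(header)
    script = d.get("script-src", d.get("default-src", []))
    findings = []
    nonce_or_hash = any(t.startswith("'nonce-") or t.startswith("'sha") for t in script)
    if "'unsafe-inline'" in script and not nonce_or_hash:
        findings.append("script-src allows 'unsafe-inline': injected <script> runs")
    if "'unsafe-eval'" in script:
        findings.append("script-src allows 'unsafe-eval'")
    if any(t in ("*", "http:", "https:", "data:") for t in script):
        findings.append("script-src allows a wildcard scheme or host")
    if d.get("object-src") != ["'none'"]:
        findings.append("object-src is not 'none' (plugin content can script)")
    if "base-uri" not in d:
        findings.append("base-uri missing: injected <base> can redirect relative script URLs")
    return findings


class _ScriptLint(HTMLParser):
    def __init__(self, nonce: str):
        super().__init__()
        self.nonce = nonce
        self.violations = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("nonce") != self.nonce:
            self.violations.append(a.get("src") or "inline <script> without nonce")
        for name, _ in attrs:        # on* handlers can never carry a nonce
            if name.startswith("on"):
                self.violations.append(f"<{tag} {name}=...> inline handler")


def scripts_blocked_by(html: str, nonce: str) -> list:
    """Template lint: author-written scripts the strict policy would refuse.
    (Stricter than a browser: it ignores what 'strict-dynamic' would admit.)"""
    lint = _ScriptLint(nonce)
    lint.feed(html)
    return lint.violations


WEAK_CSP = "default-src 'self'; script-src 'self' 'unsafe-inline' https:"   # constructed

if __name__ == "__main__":
    nonce = new_nonce()
    page = (f'<script nonce="{nonce}">app.start()</script>'
            '<script>stolen()</script>'
            '<img src=x onerror="alert(1)">')
    print(strict_csp(nonce))
    print(scripts_blocked_by(page, nonce))
    print(policy_weaknesses(WEAK_CSP))
    print(policy_weaknesses(strict_csp(nonce)))
```

The lint is what makes the policy deployable: a strict policy is only as good as the templates' willingness to carry the nonce, and the most common rollout failure is an author reaching for `'unsafe-inline'` to silence console errors from one forgotten inline handler.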

2025

KACHURKA P.A., GOLOVKO V.A. Ensemble of neural-network detectors in attack detection systems. An approach to detecting network attacks is presented that uses recirculation neural networks as anomaly detectors and as misuse detectors. The joint use of these detectors within an attack detection system is justified. Experimental results confirming the promise of the approach are given.

2025, International Journal of Scientific Research in Engineering and Management (IJSREM)

In recent years, the landscape of web security threats has evolved rapidly, driven by advances in technology and increasingly sophisticated attack vectors. This paper presents a comprehensive survey of prominent web security threats in 2024, examining both traditional vulnerabilities and emerging risks that have intensified in the digital environment. We explore a range of threats, including but not limited to application-layer attacks, network-layer intrusions, and data privacy concerns. The study draws upon a wealth of sources, including industry reports, academic research, and standards from leading organizations. Our findings underscore the critical need for web application developers, security professionals, and organizations to adopt proactive defense mechanisms and stay informed on current threats to effectively protect web-based assets. This survey aims to serve as a reference for security practitioners and researchers, highlighting essential vulnerabilities and encouraging further exploration of effective countermeasures.

2025

This paper describes the use of optical Fiber Bragg grating (FBG) sensors in various intrusion detection systems for homeland security. We show that an FBG sensor can be used effectively as an embedded in-ground acoustic sensor, sensitive enough to detect the acoustic emissions associated with walking on a concrete surface. The FBG can also be used as an in-ground pressure switch for intrusion detection through temporary flooring materials such as tiles and wooden laminate. In addition, we verify the use of FBGs as in-fence perimeter breach detectors. Finally, we show how an FBG can be used as a reed switch in intrusion detection systems for doors and windows. The combination of these different intrusion detection techniques illustrates the versatility of FBGs in security applications, showing that this single technology can be used to form a complete intrusion detection system for homeland security. Furthermore, the paper details the progress made towards a real-time in-ground sensor network for advanced security applications.

2025, Bina Darma Conference on Computer Science (BDCCS)

Bina Darma University has a website where visitors can access various information, but to enter the academic information system specifically, students need to log in first. The login page is implemented so that the visitors who obtain the information are truly legitimate and authenticated people. The purpose of this study is to determine the speed performance of a brute force algorithm in order to find out how well the Bina Darma University academic information system website is secured against brute force attacks, so that the researchers can understand how a brute force attack works and the best way to be safe from the attack can be obtained. This research uses the C# programming language and Microsoft Visual Studio as the editor. Sending 500 to 4000 data items takes an average time of 0.17 seconds, while the manual process requires 16 seconds.
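
The abstract measures the attacker's side of this; the defender's side is detecting that throughput in the authentication log and slowing it down. The code below is an added example, not part of the paper or its C# tool: the log format, the sample lines and the back-off parameters are constructed for this illustration.

```python
"""Detect online password guessing against a login endpoint from
authentication log lines, and derive a back-off delay.

Added example, not part of the paper (which measures the attacker's
throughput).  The log format and the sample lines are constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed format: ISO timestamp, client IP, account, OK|FAIL
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) (?P<user>\S+) (?P<result>OK|FAIL)$")

SAMPLE_LOG = """2025-03-01T10:00:00 203.0.113.9 admin FAIL
2025-03-01T10:00:01 203.0.113.9 admin FAIL
2025-03-01T10:00:02 203.0.113.9 admin FAIL
2025-03-01T10:00:03 198.51.100.7 alice FAIL
2025-03-01T10:00:03 203.0.113.9 admin FAIL
2025-03-01T10:00:04 203.0.113.9 admin FAIL
2025-03-01T10:00:05 203.0.113.9 admin FAIL
2025-03-01T10:00:06 203.0.113.9 admin FAIL
2025-03-01T10:00:07 203.0.113.9 admin FAIL
2025-03-01T10:00:08 203.0.113.9 admin OK
2025-03-01T10:00:20 198.51.100.7 alice OK""".splitlines()


def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Sliding-window count of failures per source IP.

    Emits (ip, time) once when an IP reaches `threshold` failures inside
    `window`, and (ip, time, "success after burst") when a login succeeds
    while the IP is still inside such a burst: the guess that worked.
    """
    failures = defaultdict(deque)        # ip -> timestamps of recent failures
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                     # unparseable line: skip, never crash the detector
        ts = datetime.fromisoformat(m["ts"])
        q = failures[m["ip"]]
        while q and ts - q[0] > window:  # expire failures older than the window
            q.popleft()
        if m["result"] == "FAIL":
            q.append(ts)
            if len(q) == threshold:      # fire once per crossing, not on every later failure
                alerts.append((m["ip"], ts.isoformat()))
        elif len(q) >= threshold:
            alerts.append((m["ip"], ts.isoformat(), "success after burst"))
    return alerts


def lockout_seconds(consecutive_failures, threshold=5, cap=300):
    """Exponential back-off after the threshold: 1, 2, 4, ... up to `cap` s.
    Slows every further guess without a hard lockout that an attacker
    could use to deny service to the real account owner."""
    if consecutive_failures < threshold:
        return 0
    return min(cap, 2 ** (consecutive_failures - threshold))


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print("ALERT", *alert)
    print([lockout_seconds(n) for n in range(4, 16)])
```

The "success after burst" alert is the one worth paging on: a burst of failures alone may be a script with a stale password, but a success at the end of it is a compromised account until proven otherwise.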

2025, International Research Journal of Engineering and Technology (IRJET)

In the current stage of the internet, browser extensions are everywhere, offering better functionality and user experience. However, this convenience often comes at the cost of the user's security and privacy. In this research, we examine browser extensions to audit their privacy practices. It turns out that many of these handy tools are not just adding functionality; they are also introducing significant security risks. Through a methodical and detailed approach that includes policy review, source code analysis, and comprehensive documentation, we tried to uncover the hidden threats posed by these extensions alongside the claims they make. Our methodology comprises installing extensions in isolated environments, using tools such as ExtAnalysis [1], Chrome DevTools [2], SonarQube [12], and Bearer [10] for in-depth analysis, and testing and auditing the privacy policy offered by each extension. This research seeks to answer critical questions regarding privacy violations and also the potential for privilege escalation. With the ultimate goal of enhancing digital safety, this paper highlights the imperative for improved security oversight in the development and deployment of browser extensions.
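
The first step of any such audit is reading the manifest, because the permissions it declares bound everything the source code can do. The script below is an added example, not the paper's methodology or any of the tools it names: it flags over-broad host access, high-risk permissions, content scripts injected everywhere, and extension-page CSP settings that admit eval or remote code. Permission strings are Chrome's documented names; the risk notes and the sample manifests are assumed and constructed for illustration.

```python
"""Static audit of a browser-extension manifest for over-broad privilege.

Added example, not the paper's methodology or any of the tools it
names.  Permission strings are Chrome's documented names; the risk
notes and the sample manifests are assumed/constructed for illustration.
"""
import json
import re

BROAD_HOST_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Permissions that expose the user's browsing to the extension (assumed risk notes).
HIGH_RISK_PERMISSIONS = {
    "tabs": "URLs and titles of every open tab",
    "cookies": "read/set cookies on permitted hosts (session theft)",
    "history": "full browsing history",
    "webRequest": "observe every network request",
    "webRequestBlocking": "modify or block network requests",
    "webNavigation": "track navigation events",
    "clipboardRead": "read clipboard contents",
    "nativeMessaging": "talk to native host processes outside the sandbox",
    "debugger": "DevTools protocol access to pages",
    "management": "enumerate or disable other extensions",
    "proxy": "route all traffic through a chosen proxy",
    "scripting": "inject script into permitted pages",
}


def audit_manifest(manifest: dict) -> list:
    """Return human-readable findings; an empty list means nothing flagged."""
    findings = []
    mv3 = manifest.get("manifest_version") == 3
    hosts = list(manifest.get("host_permissions", [])) if mv3 else []

    for p in manifest.get("permissions", []):
        if p in HIGH_RISK_PERMISSIONS:
            findings.append(f"permission {p}: {HIGH_RISK_PERMISSIONS[p]}")
        elif p == "<all_urls>" or (not mv3 and "://" in p):
            hosts.append(p)              # MV2 mixes host patterns into "permissions"

    for h in hosts:
        if h in BROAD_HOST_PATTERNS:
            findings.append(f"host access {h}: can read and modify every site")

    for cs in manifest.get("content_scripts", []):
        broad = [m for m in cs.get("matches", []) if m in BROAD_HOST_PATTERNS]
        if broad:
            findings.append(f"content script injected into all sites: {broad}")

    csp = manifest.get("content_security_policy", "")
    if isinstance(csp, dict):            # MV3 form: {"extension_pages": "...", ...}
        csp = csp.get("extension_pages", "")
    if "'unsafe-eval'" in csp:
        findings.append("CSP allows 'unsafe-eval' in extension pages")
    if re.search(r"script-src[^;]*https?://", csp):
        findings.append("CSP allows remote script sources (remote code)")
    return findings


# Constructed sample manifest (not a real extension).
SAMPLE_MANIFEST = json.loads("""
{
  "manifest_version": 3,
  "name": "Coupon Finder (constructed sample)",
  "version": "1.0",
  "permissions": ["storage", "tabs", "cookies"],
  "host_permissions": ["<all_urls>"],
  "content_scripts": [{"matches": ["*://*/*"], "js": ["content.js"]}],
  "content_security_policy": {"extension_pages": "script-src 'self' 'unsafe-eval'; object-src 'self'"}
}
""")

MINIMAL_MANIFEST = {"manifest_version": 3, "permissions": ["storage"],
                    "host_permissions": ["https://shop.example/*"]}

if __name__ == "__main__":
    for f in audit_manifest(SAMPLE_MANIFEST):
        print("-", f)
    print("minimal:", audit_manifest(MINIMAL_MANIFEST))
```

A manifest that passes this check can still misbehave in its code, which is why the abstract pairs policy review with source analysis; but a manifest that fails it has already granted itself more than its stated purpose needs, whatever the privacy policy claims.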

2025

In the present era, the Internet is expanding at an unimaginable rate where Software security and Privacy have become necessary for protecting the Intellectual Property from Various Attacks and Reverse Engineering. Data Cryptography is the most commonly used security mechanism but has its pitfalls like key storage and computation costs. unauthorized access and prevent unwanted exposure of proprietary code. HoneyPot techniques can detect and monitor unauthorized access at the application level. The application itself can act as a honeypot by incorporating decoy instructions that trigger security measures if deviated from. This approach allows SaaS applications to function without encryption or performance impact while remaining secure and lightweight. The honeypot mechanism enables code deployment on remote systems without risking data leakage, providing an effective and impactful security solution for SaaS applications.

2025, American Scholarly Publishing Group Inc

The convergence of Business Process Automation (BPA) and DevOps represents a transformative shift in enterprise operations, aiming to bridge the gap between process efficiency and continuous software delivery. This systematic literature review investigates the role of BPA-DevOps integration in enhancing agile technical support systems, operational agility, and organizational scalability. Employing the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) 2020 guidelines, a total of 147 peer-reviewed scholarly articles published between 2014 and 2024 were selected from six prominent academic databases. The selected studies span a range of domains, including IT services, SaaS, healthcare, finance, and public sector applications, offering a comprehensive cross-sectoral perspective. The review identifies that the synergistic adoption of BPA and DevOps contributes to streamlined deployment pipelines, automated incident resolution, enhanced customer support responsiveness, and measurable performance improvements such as reduced change failure rates and faster lead times. Notably, mature automation environments were found to yield greater consistency, resilience, and scalability across organizational functions. However, the review also surfaces critical research gaps, particularly the lack of unified implementation frameworks, inconsistent performance measurement indicators, limited empirical assessment of long-term automation impacts, and insufficient evaluation of ethical and socio-cultural considerations. Furthermore, the study emphasizes the pivotal role of organizational culture, leadership engagement, role redefinition, and continuous skills development in ensuring successful BPA-DevOps adoption.
Through thematic synthesis, the review advances the academic discourse by integrating technical, operational, and managerial dimensions, while also advocating for future research that prioritizes inclusivity, longitudinal evaluation, and domain-specific adaptability. The insights generated from this review serve as a foundational reference for both scholars and practitioners seeking to design, implement, and assess sustainable, scalable, and value-aligned automation strategies within DevOps ecosystems.

2025

"Security is only as strong as its weakest link. In cybersecurity, that link is often not the technology but the person who uses it." In the early days of cybersecurity, defenses focused mainly on perimeter protection and the detection of malicious software at the technical level. However, as security measures grew stronger, attackers began to identify and exploit human vulnerabilities as a simpler and more effective point of entry. The first forms of social engineering, such as rudimentary phishing through deceptive emails, demonstrated the effectiveness of manipulating users' trust and lack of awareness to gain access to sensitive information or protected systems. With the advent of the internet and the proliferation of connected devices, the attack surface expanded exponentially, and with it the opportunities for cybercriminals to exploit the human factor.

2025

This guide builds on the OWASP Agentic AI – Threats and Mitigations publication, our master agentic threat taxonomy, by applying its threat taxonomy to real-world multi-agent systems (MAS). These systems, characterized by multiple autonomous agents coordinating to achieve shared or distributed goals, introduce additional complexity and new attack surfaces. Our objective is to demonstrate the application of the MAESTRO (Multi-Agent Environment, Security, Threat, Risk, and Outcome) framework, a layered and architectural methodology, as a companion to the OWASP Agentic Security Initiative (ASI) threat taxonomy. This methodology is employed to conduct structured threat modeling in greater detail. The focus is on agentic threats previously defined by OWASP, including Tool Misuse, Intent Manipulation, and Privilege Compromise, and how they manifest within intricate MAS deployments.

2025, International Journal of Computer Science and Information Security (IJCSIS), Vol. 23, No. 2, March-April

Abstract—SQL injection attacks remain a critical cybersecurity threat, with recent incidents causing over $2M in losses per breach. We present a machine learning-based detection system using XGBoost that achieves 99.58% accuracy on a dataset of 30,926 queries (63% benign, 37% malicious). The model demonstrates exceptional performance with a precision of 99.8% on malicious queries (Class 1) and 99.6% on benign queries (Class 0), while maintaining real-time detection latency below 50ms. A hybrid architecture integrates honeypot-based threat intelligence to block malicious IPs and adapt to new attack patterns. The comparative analysis shows 1.21% higher accuracy than the SVM baselines and 58% fewer false positives than previous work. This solution meets enterprise-scale requirements for web application security.

Keywords—Cybersecurity, honeypot deception, machine learning, real-time detection, SQL injection, threat intelligence, web application security, XGBoost.

2025, Lecture Notes in Computer Science

Injection attacks (e.g. XSS or SQL) are ranked in first place in world-wide lists (e.g. MITRE and OWASP). These types of attacks can be easily obfuscated. Therefore, it is difficult or even impossible to provide a reliable signature for firewalls that will detect such attacks. In this paper, we propose an innovative method for modelling the normal behaviour of web applications. The model is based on information obtained from HTTP requests generated by a client to a web server. We have evaluated our method on the CSIC 2010 HTTP Dataset, achieving satisfactory results.

2025, Applied aspects of information technologies

According to the latest "OWASP Top Ten" list, the "Insecure Design" vulnerability is one of the key factors affecting the level of data protection and functional reliability. Heightened attention to this issue is pertinent, as this vulnerability appeared for the first time in the OWASP list and is only briefly described there. This study aims to identify and analyze the architectural vulnerabilities of web applications arising from "Insecure Design". The goal is not only to identify specific vulnerabilities in the web application design and implementation process but also to develop a detailed list of recommendations that will help not only to avoid similar problems in the future but also to create a good foundation for secure web application development from the starting point. In order to construct a systematic approach to security at all stages of development, recommendations from the Software Development Life Cycle standard are considered here. Special attention is given to integrating security principles at all stages of the development lifecycle. The analysis is based on examining existing architectural solutions, studying vulnerabilities, and developing methods for their mitigation. The developed set of recommendations to enhance the security of web applications includes measures for architectural design, verification and validation processes, and early detection of potential vulnerabilities. Significant attention is paid to developing secure code, implementing security policies, and organizing training for developers. The research emphasizes the importance of integrating security into the web application development process from the beginning. The scientific novelty lies in the systematization and development of approaches to detect and mitigate architectural vulnerabilities caused by "Insecure Design".
The practical significance of the paper is expressed in enhancing the security level of web applications, reducing risks for businesses and users, and fostering a culture of security among developers.

2025, International Journal of Innovative Research in Computer and Communication Engineering

Text segmentation from degraded document images is a very difficult task, as the document image might contain a lot of variation between the foreground and the background. Binarization has been the subject of intense research during the last few years. Most of the developed algorithms depend on statistical methods and do not consider the nature of document images. However, recent developments call for more specialized binarization techniques. Adaptive image contrast is used as a binarization technique in this paper. The adaptive image contrast is a combination of the local image contrast and the local image gradient. It is also tolerant towards variations caused by degradations. The proposed technique constructs an adaptive contrast map for an input degraded document image. The contrast map is then binarized and combined with Canny's edge map to identify the text stroke edge pixels. A local threshold is estimated based on the intensities of detected text stroke edge pixels within a local window, and this threshold is used for segmentation. The proposed method is simple, robust, and involves a minimum of parameters.

2025

Phishing scams are considered a threat to all web users, but web users are still not consciously aware of this fact. Many research works have been done to increase phishing awareness among users, but it is not up to the mark to date. We conducted a survey among a diversified group of people who are active internet users, and then analyzed the existing phishing warnings provided by web browsers and protection schemes. In this paper we suggest new approaches, i.e. sending notifications to the user, checking URLs, and creating user alarms and security knowledge, to ensure fairness in web usage.

2025, Lecture notes in networks and systems

The establishment of the Internet of Things (IoT) is gathering pace. The "things" will be counted in their billions; however, interoperability problems may compromise the interconnectivity aspect. Isolated "things" are common and often make use of proprietary communication and security protocols that have not been subject to public scrutiny. By contrast, the World Wide Web has well-established technology and protocols, and so there is interest in the so-called Web of Things (WoT) that would allow the "things" to communicate using standard web protocols. However, with so many readily accessible nodes, we considered that the WoT should be underpinned by attack/tamper-resistant security modules that are compatible with the WoT protocols. This paper considers the use of the Smart Card Web Server (SCWS) capability to practically secure the WoT. Finally, the use of a SCWS is extended to provide a means of secure, local Single Sign-On (SSO).

2025, International Journal of Scientific Research in Engineering and Management

In today's digital era, securing applications has become paramount due to the increasing sophistication of cyber threats and the proliferation of data breaches. This paper explores how integrating OAuth2 Single Sign-On (SSO) with precision Role-Based Access Control (RBAC) can significantly enhance application security. By unifying authentication and authorization mechanisms, organizations can streamline user access while mitigating risks associated with over-privileged accounts and credential fatigue. We delve into the OAuth2 protocol architecture, dissect the core components of RBAC, and present strategies for their effective integration. Through real-world case studies and comparative analyses, we highlight the benefits, challenges, and future trends of this integration. Our findings underscore the necessity for robust security frameworks that adapt to evolving threats, emphasizing the role of OAuth2 SSO and RBAC in fortifying application security.

2025

In web applications, databases are generally used as data repositories, where a server-side program interacts with a Database Management System (DBMS), retrieves content, and dynamically generates web pages. This is known as a three-layer architecture, which is widely exposed to database threats. The attacks are usually performed through the injection of SQL code in the forms of the web applications, exploiting the dynamic construction of SQL statements. Thus, database security relies on the quality of the code and the controls performed by the web developer at the application level. In this paper, we present a solution for improving the security of databases accessed by web applications. The security is based on a user modelling approach that relies completely on the authorization mechanism of DBMSs.

2025

Decentralized online social networks have evolved from experimental stages to operating at unprecedented scale, with broader adoption and more active use than ever before. Platforms like Mastodon, Bluesky, Hive, and Nostr have seen notable growth, particularly following the wave of user migration after Twitter's acquisition in October 2022. As new platforms build upon earlier decentralization architectures and explore novel configurations, it becomes increasingly important to understand how these foundations shape both the direction and limitations of decentralization. Prior literature primarily focuses on specific architectures, resulting in fragmented views that overlook how different social networks encounter similar challenges and complement one another. This paper fills that gap by presenting a comprehensive view of the current decentralized online social network landscape. We examine four major architectures: federated, peer-to-peer, blockchain, and hybrid, tracing their evolution and evaluating how they support core social networking functions. By linking these architectural aspects to real-world cases, our work provides a foundation for understanding the societal implications of decentralized social platforms.

2025

In an era where healthcare systems increasingly rely on digital infrastructure, ensuring the integrity, availability, and confidentiality of patient data is of paramount importance. Healthcare ranks among the most targeted industries for cyberattacks due to the sensitivity of medical records and the complexity of system integrations. Despite major investments in compliance and risk management, significant vulnerabilities continue to emerge from fragmented testing practices and misaligned priorities between software quality assurance (SQA) and cybersecurity. This research proposes and validates a novel framework, the Hybrid Integrated Testing Framework (HITF), that unifies penetration testing and software QA into a continuous, automated pipeline tailored for healthcare IT environments. Leveraging widely adopted industry tools such as Jenkins, Selenium, OWASP ZAP, and Python for HIPAA-compliance checks, the framework enforces a "security-first" culture at every phase of the software lifecycle. Empirical evaluation through a real-world Medicaid eligibility simulation demonstrates marked improvements in defect detection (+50%), security vulnerability coverage (+450%), and audit readiness.

2025, IAEME

Quantum computing significantly threatens traditional cryptographic methods used in securing web and mobile applications. Classical encryption algorithms, such as RSA and ECC, rely on mathematical problems that are infeasible for conventional computers to solve within a reasonable time frame. However, quantum algorithms like Shor's can efficiently break RSA and ECC [1], rendering them obsolete, while Grover's algorithm weakens symmetric encryption by reducing its brute-force security level. The potential impact of quantum computing extends to critical security areas, including secure web communications, mobile authentication, and blockchain-based applications [2], [3]. This paper explores the vulnerabilities of current cryptographic standards under quantum computing, presents various attack scenarios affecting HTTPS, digital signatures, and cryptocurrency transactions, and discusses viable mitigation strategies. Key defensive approaches include post-quantum cryptography (PQC), quantum key distribution (QKD), hybrid cryptographic models, and increased key sizes for symmetric encryption. The urgency of transitioning to quantum-resistant security measures is emphasized, given that quantum computers are steadily progressing toward practical implementation.

Additionally, the paper examines the challenges associated with adopting PQC, including performance overheads, usability trade-offs, and the need for widespread standardization efforts led by NIST and other regulatory bodies. As quantum computing advances, organizations must take proactive measures to future-proof their security frameworks by integrating quantum-resistant solutions before quantum attacks become a tangible threat. This research highlights the importance of early adoption and strategic implementation of PQC to ensure long-term digital safety and cybersecurity resilience.

2025, Innovative Technologies for Dependable OTS-Based Critical Systems

This chapter presents a methodology to evaluate and benchmark web application vulnerability scanners using software fault injection techniques. The most common software faults are injected into the web application source code, which is then checked by the scanners. Using this procedure, we evaluated three leading commercial scanners, which are often regarded as an easy way to test the security of web applications, including critical vulnerabilities such as XSS and SQL Injection. Our idea consists of providing the scanners with the input they are supposed to handle, which is a web application with software faults and possible vulnerabilities originating from such faults. The results of the scanners are compared by evaluating their efficiency in identifying the potential vulnerabilities created by the injected faults, their coverage of vulnerability detection, and their false positives. However, the results show that the coverage of these tools is low and the percentage of false positives is very high.

2025, International Journal of Modeling and Optimization

Web applications have mushroomed a great deal from static web pages to interactive web services. It has thus become important to engineer these applications methodologically. Goal integration from the early stages maximizes product quality and prevents getting "requirements" amiss. We propose a Goal-based Requirement Analysis for creating web applications. Both functional and non-functional requirements have been studied specific to web applications. The requirements can be analysed according to the type of application being constructed. The web classification model aids in the understanding of web applications.

2025, ISJEM

The rise of cyber threats has underscored the need for advanced tools that can predict, detect, and respond to security incidents with minimal human intervention. Artificial Intelligence (AI) is now at the forefront of such tools, transforming intrusion detection and threat intelligence systems with its ability to analyze vast amounts of data, learn from patterns, and adapt to emerging threats. This article explores how AI is reshaping intrusion detection systems (IDS) and threat intelligence platforms, examining the methods, advantages, and challenges associated with AI-driven security systems. Through AI, enterprises can strengthen their cyber defenses by enabling proactive, real-time responses to increasingly sophisticated cyber threats.

2025

This paper describes WikiNEXT, a wiki engine created for writing web applications that exploit the web of data directly in the web browser. WikiNEXT is a wiki at the crossroads of wikis and online development tools ("web based IDEs"), which is what makes it original. WikiNEXT today offers features and an interface oriented mainly toward web developers who want to manipulate semantic data using "front end" technologies (JavaScript/HTML5), and provides means to benefit from services offered by the wiki for server-side persistence, in particular by providing an RDF/SPARQL 1.1-compatible graph database and an object database.

2025, INTERNATIONAL RESEARCH JOURNAL OF ENGINEERING & APPLIED SCIENCES

As AI technologies quickly develop and infiltrate different industries, guaranteeing their safety and security has become crucial. This article offers an in-depth analysis of the structures, methods, and optimal techniques required for creating safe and secure AI systems. The conversation covers various fields, such as computer architecture, data management, and cloud computing. We examine the difficulties and weaknesses present in conventional architectures and determine how contemporary AI systems can mitigate these shortcomings. In particular, the document emphasizes the need for implementing secure coding methods, strong data governance, and ongoing oversight of AI systems to reduce risks linked to adversarial attacks and data leaks. Additionally, we address the importance of cloud computing in delivering scalable resources for AI advancement while stressing the necessity for secure cloud infrastructures. This paper presents a comprehensive method for developing AI systems that can withstand threats by combining secure software engineering principles with machine learning. Utilizing case studies and empirical evidence, we demonstrate the efficacy of different security measures and architectural designs in practical applications. In conclusion, this project seeks to offer a guide for researchers and professionals in the AI sector, directing them to develop systems that not only operate efficiently but also maintain the utmost levels of safety and security. As artificial intelligence influences our future, it is crucial to emphasize the creation of technologies that foster trust and protect user interests.

2025, International Journal of Advanced Research

SQL injection (SQLi) attacks remain one of the most prevalent and critical security threats to web applications, often leading to data breaches, unauthorized access, and system compromise. This study explores the effectiveness of various machine learning (ML) algorithms in detecting and preventing SQL injection attacks, including Support Vector Machines (SVM), Decision Trees, Random Forest, Neural Networks, and Ensemble Learning models. Through an extensive analysis of different publicly available datasets and comparison of model performance, it is observed that advanced ML algorithms, such as Neural Networks and Ensemble Learning models, outperform traditional models like SVM and Decision Trees in detecting sophisticated SQL injection techniques, particularly blind SQL injection and time-based SQL injection. The study also highlights the importance of dataset characteristics, including the size, class balance, and diversity of SQL injection types, in training accurate models. Larger, balanced datasets with diverse attack types lead to better generalization and robustness in model performance. The findings from the Analysis of Variance (ANOVA) tests further reinforce the importance of appropriate dataset selection and demonstrate significant variation in the performance of models across different types of attacks. Furthermore, the study identifies challenges such as class imbalance, overfitting, and the adaptability of models to evolving SQL injection tactics. These issues must be addressed through techniques like data augmentation, feature engineering, and hybrid models. The research concludes that while machine learning-based SQL injection detection and prevention offers promising results, continuous adaptation to emerging attack patterns and improvements in real-time detection capabilities remain key for enhancing web application security.

2025

In the last half of 2024, changes were observed in the infostealer landscape: these "silent" malware families, designed to steal confidential information, showed an increase in activity in the second half of the year and are positioned for 2025 as central threats to the security of organizations, above all those that do not implement two-factor authentication.

2025, Computer Science & Information Technology (CS & IT)

This paper presents new and evolved methods to perform Blind SQL Injection attacks. These are much faster than the current publicly available tools and techniques due to optimization and redesign ideas that hack databases in more efficient ways, using cleverer injection payloads; this is the result of years of private research. Implementing these methods within carefully crafted code has resulted in the development of the fastest tools in the world to extract information from a database through Blind SQL Injection vulnerabilities. These tools are around 1600% faster than the currently most popular tools. The nature of such attack vectors will be explained in this paper, including all of their intrinsic details.

2025, IJSR

The healthcare industry faces critical challenges in Identity and Access Management (IAM), requiring robust security while ensuring regulatory compliance. Traditional IAM approaches often fail to meet evolving threats, necessitating AI-driven solutions for enhanced security and efficiency. This study explores the role of Artificial Intelligence (AI) in IAM, highlighting AI-driven authentication, fraud prevention, and risk-based access control. Using machine learning and behavioral analytics, AI automates identity verification, enhances compliance with HIPAA and GDPR, and mitigates unauthorized access risks. Through real-world case studies, this paper demonstrates how AI-based IAM strengthens security, reduces administrative overhead, and ensures seamless access control in healthcare.

2025

The Web is evolving into a melting pot of content coming from multiple stakeholders. In this mutually distrustful setting, the combination of code and data from different providers demands new security approaches. This thesis explores information-flow control technologies to provide security for the current Web. With focus on practicality grounded in solid theoretical foundations, we aim to fulfill the demands with respect to security, permissiveness, and flexibility. We offer solutions for securing both the server and the client. On the server side, we suggest a taint analysis to track the information provided by the user. If the information reaches a sensitive operation without sanitization, we raise an alarm, mitigating potential exploitations. On the client side, we develop JSFlow, a JavaScript interpreter for tracking information flow in the browser. It covers the full ECMA-262 standard and browser APIs. The interpreter soundly guarantees non-interference, a policy to avoid inf...