Article
Peer-Review Record

Ontology for Cross-Site-Scripting (XSS) Attack in Cybersecurity

J. Cybersecur. Priv. 2021, 1(2), 319-339; https://doi.org/10.3390/jcp1020018
by Jean Rosemond Dora * and Karol Nemoga
Reviewer 1: Anonymous
Reviewer 2: Anonymous
Submission received: 4 April 2021 / Revised: 3 May 2021 / Accepted: 18 May 2021 / Published: 25 May 2021

Round 1

Reviewer 1 Report

The area of cybersecurity and the XSS vulnerability is a very popular and important area of research, and it is represented by very rich literature and research, thus the authors don't refer to the valid and latest research articles (the latest reference is dated 2019). The authors have provided almost 9 pages that describe XSS attacks. This part of the article is summarized by the authors:

"In the previous chapters we have seen few simple examples of how the vulnerabilities can be detected by an attacker, and how he can exploit them by inserting some payloads to jeopardize a system"

The question is why the authors focus on such simple aspects while the research is focused on the cybersecurity ontology, which is seen as more innovative.

The most important part of the article, related to ontology, is described on only 4 pages out of 18. So it seems that the authors haven't put relevant importance on the research itself, and also the model definition doesn't provide relevant feedback on how to use it apart from: "this model is a 2-way descriptive in such a way that, it tells the administrator what will be next if the negative steps are taken and in creating a website or onto an existing website, and in managing the back-end side (server). At the same time, if proper implementation is considered, then the system is at low risk." The statement given mitigates the importance of the research: "In summary, we have seen the importance of ontology to be implemented within the cybersecurity area." So the question is what in reality the authors wanted to say?

In Conclusion there is: “The research showed that more than 7/9 attacks are being deployed at the application layer and more than 8/9 applications are vulnerable to the attacks”

Correctly it should be: “According to the authors' ontology, more than 7/9 attacks are being deployed….”

The article is inconsistent with the publication policy in respectable publishing houses, e.g.

  • pictures 3 and 4 are not in the indicated source (11. Shashank, G.; Gupta. B. B. Cross-Site Scripting (XSS) attacks and defense mechanisms: classification and state-of-the-art. Springer, ……)
  • article section titles without capital letters, e.g. "2. different types of XSS and procedures to detect"

It's strongly recommended to clearly define the scope of the stated research on the XSS ontology, its goals (thesis) and the output of such research, to make the article clearer and more user friendly for the readers. It is also essential to track the proper citation sources within the article, including the latest publications.

Author Response

Please see the attachment

Author Response File: Author Response.pdf

Reviewer 2 Report

1) Abstract has to be concise. It is too long.

2) Identify the limitations of the existing works that motivated current research.

3) List out the main contributions of the current work.

4) Some of the recent and relevant works such as the following can be discussed in the paper: A systematic review on clone node detection in static wireless sensor networks, An adaptive multi-layer botnet detection technique using machine learning classifiers, Image-Based malware classification using ensemble of CNN architectures (IMCEC).

5) Discuss the future scope of the current work.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Round 2

Reviewer 1 Report

There is no proper linkage/reference between the given literature positions and the citations within the article body. Currently the literature reference is indicated as [?]; to be corrected.
