{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,3]],"date-time":"2025-08-03T01:11:52Z","timestamp":1754183512362,"version":"3.41.2"},"reference-count":51,"publisher":"Institute of Electronics, Information and Communications Engineers (IEICE)","issue":"8","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEICE Trans. Inf. &amp; Syst."],"published-print":{"date-parts":[[2025,8,1]]},"DOI":"10.1587\/transinf.2024dak0002","type":"journal-article","created":{"date-parts":[[2025,2,5]],"date-time":"2025-02-05T17:12:31Z","timestamp":1738775551000},"page":"933-946","source":"Crossref","is-referenced-by-count":0,"title":["A+Block: Web Security Add-on Service by Just Pointing to Your Website URL"],"prefix":"10.1587","volume":"E108.D","author":[{"given":"Shota","family":"FUJII","sequence":"first","affiliation":[{"name":"Kobe University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shohei","family":"KAKEI","sequence":"additional","affiliation":[{"name":"Nagoya Institute of Technology"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Masanori","family":"HIROTOMO","sequence":"additional","affiliation":[{"name":"Saga University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Makoto","family":"TAKITA","sequence":"additional","affiliation":[{"name":"Kobe University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yoshiaki","family":"SHIRAISHI","sequence":"additional","affiliation":[{"name":"Kobe University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Masami","family":"MOHRI","sequence":"additional","affiliation":[{"name":"Kindai University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hiroki","family":"KUZUNO","sequence":"additional","affiliation":[{"name":"Kobe University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Masakatu","family":"MORII","sequence":"additional","affiliation":[{"name":"Kobe University"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"532","reference":[{"key":"1","unstructured":"[1] S. Balkhi, \u201c2024\u2019s CMS Market Share Report - Latest Trends and Usage Stats,\u201d WPBeginner, https:\/\/www.wpbeginner.com\/research\/cms-market-share-report-latest-trends-and-usage-stats\/, accessedMay 21. 2024."},{"key":"2","unstructured":"[2] Global Cybersecurity Association, \u201cAlarming lack of awareness in the cybersecurity domain,\u201d https:\/\/globalcybersecurityassociation.com\/blog\/alarming-lack-of-awareness-in-the-cybersecurity-domain\/, accessed May 21. 2024."},{"key":"3","unstructured":"[3] K. Stine, \u201cCybersecurity: Challenges and Opportunities for Small Businesses, Field Hearing,\u201d NIST, https:\/\/www.nist.gov\/speech-testimony\/cybersecurity-challenges-and-opportunities-small-businesses-field-hearing, accessed May 21. 2024."},{"key":"4","doi-asserted-by":"crossref","unstructured":"[4] M. Walaza, M. Loock, and E. Kritzinger, \u201cA Framework to Enhance ICT Security Through Education, Training &amp; Awareness (ETA) Programmes in South African Small, Medium and Micro-sized Enterprises (SMMEs): A Scoping Review,\u201d Computer Science On-line Conference, pp.45-58, 2020. 10.1007\/978-3-030-51974-2_5","DOI":"10.1007\/978-3-030-51974-2_5"},{"key":"5","unstructured":"[5] OWASP Top 10 team, \u201cOWASP Top 10:2021,\u201d OWASP, https:\/\/owasp.org\/Top10\/, accessed May 8. 2024."},{"key":"6","doi-asserted-by":"crossref","unstructured":"[6] O.B. Al-Khurafi and M.A. Al-Ahmad, \u201cSurvey of Web Application Vulnerability Attacks,\u201d 2015 4th International Conference on Advanced Computer Science Applications and Technologies (ACSAT), Kuala Lumpur, Malaysia, pp.154-158, 2015. DOI: 10.1109\/ACSAT.2015.46 10.1109\/acsat.2015.46","DOI":"10.1109\/ACSAT.2015.46"},{"key":"7","doi-asserted-by":"crossref","unstructured":"[7] W. Al-Kahla, A.S. Shatnawi, and E. Taqieddin, \u201cA Taxonomy of Web Security Vulnerabilities,\u201d 2021 12th International Conference on Information and Communication Systems (ICICS), Valencia, Spain, pp.424-429, 2021. DOI: 10.1109\/ICICS52457.2021.9464576 10.1109\/icics52457.2021.9464576","DOI":"10.1109\/ICICS52457.2021.9464576"},{"key":"8","doi-asserted-by":"crossref","unstructured":"[8] N.D. Bobade, V.A. Sinha, and S.S. Sherekar, \u201cA diligent survey of SQL injection attacks, detection and evaluation of mitigation techniques,\u201d 2024 IEEE International Students\u2019 Conference on Electrical, Electronics and Computer Science (SCEECS), Bhopal, India, pp.1-5, 2024. DOI: 10.1109\/SCEECS61402.2024.10481914 10.1109\/sceecs61402.2024.10481914","DOI":"10.1109\/SCEECS61402.2024.10481914"},{"key":"9","doi-asserted-by":"crossref","unstructured":"[9] I.F. Khazal and M.A. Hussain, \u201cServer Side Method to Detect and Prevent Stored XSS Attack,\u201d Iraqi Journal for Electrical and Electronic Engineering, vol.17, no.2, pp.58-65, 2021. 10.37917\/ijeee.17.2.8","DOI":"10.37917\/ijeee.17.2.8"},{"key":"10","unstructured":"[10] A. Singh and S. Sathappan, \u201cA survey on xss web-attack and defense mechanisms,\u201d International Journal of Advanced Research in Computer Science and Software Engineering, vol.4, no.3, pp.1160-1164, 2014. 10.1145\/3383972.3384027"},{"key":"11","doi-asserted-by":"crossref","unstructured":"[11] A. Shrivastava, S. Choudhary, and A. Kumar, \u201cXSS vulnerability assessment and prevention in web application,\u201d 2016 2nd International Conference on Next Generation Computing Technologies (NGCT), Dehradun, India, pp.850-853, 2016. DOI: 10.1109\/NGCT.2016.7877529 10.1109\/ngct.2016.7877529","DOI":"10.1109\/NGCT.2016.7877529"},{"key":"12","doi-asserted-by":"publisher","unstructured":"[12] A. Armando, R. Carbone, L. Compagna, J. Cu\u00e9llar, G. Pellegrino, and A. Sorniotti, \u201cAn authentication flaw in browser-based Single Sign-On protocols: Impact and remediations,\u201d Computers &amp; Security, vol.33, pp.41-58. 2013. DOI: 10.1016\/j.cose.2012.08.007 10.1016\/j.cose.2012.08.007","DOI":"10.1016\/j.cose.2012.08.007"},{"key":"13","doi-asserted-by":"crossref","unstructured":"[13] R.A. Muzaki, O.C. Briliyant, M.A. Hasditama, and H. Ritchi, \u201cImproving Security of Web-Based Application Using ModSecurity and Reverse Proxy in Web Application Firewall,\u201d 2020 International Workshop on Big Data and Information Security (IWBIS), Depok, Indonesia, pp.85-90, 2020. DOI: 10.1109\/IWBIS50925.2020.9255601 10.1109\/iwbis50925.2020.9255601","DOI":"10.1109\/IWBIS50925.2020.9255601"},{"key":"14","doi-asserted-by":"crossref","unstructured":"[14] K. Anna, K. Olena, K. Mykhailo, K. Svitlana, S. Olena, and Z. Rostyslav, \u201cMethods of Security Authentication and Authorization into Informationals Systems,\u201d 2020 IEEE 2nd International Conference on Advanced Trends in Information Theory (ATIT), Kyiv, Ukraine, pp.270-274, 2020. DOI: 10.1109\/ATIT50783.2020.9349333 10.1109\/atit50783.2020.9349333","DOI":"10.1109\/ATIT50783.2020.9349333"},{"key":"15","doi-asserted-by":"publisher","unstructured":"[15] M. Fareed and A.A. Yassin, \u201cPrivacy-preserving multi-factor authentication and role-based access control scheme for the E-healthcare system,\u201d Bulletin of Electrical Engineering and Informatics, vol.11, no.4, pp.2131-2141, 2022. DOI: 10.11591\/eei.v11i4.3658 10.11591\/eei.v11i4.3658","DOI":"10.11591\/eei.v11i4.3658"},{"key":"16","doi-asserted-by":"crossref","unstructured":"[16] K. Li, A. Ren, Y. Ding, Y. Shi, and X. Wang, \u201cResearch on Decentralized Identity and Access Management Model Based on the OIDC Protocol,\u201d 2020 International Conference on E-Commerce and Internet Technology (ECIT), Zhangjiajie, China, pp.252-255, 2020. DOI: 10.1109\/ECIT50008.2020.00065 10.1109\/ecit50008.2020.00065","DOI":"10.1109\/ECIT50008.2020.00065"},{"key":"17","doi-asserted-by":"crossref","unstructured":"[17] V. Clincy and H. Shahriar, \u201cWeb Application Firewall: Network Security Models and Configuration,\u201d 2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC), Tokyo, Japan, pp.835-836, 2018. DOI: 10.1109\/COMPSAC.2018.00144 10.1109\/compsac.2018.00144","DOI":"10.1109\/COMPSAC.2018.00144"},{"key":"18","doi-asserted-by":"publisher","unstructured":"[18] J. Harefa, G. Prajena, Alexander, A. Muhamad, E.V.S. Dewa, and S. Yuliandry, \u201cSEA WAF: The Prevention of SQL Injection Attacks on Web Applications,\u201d Advances in Science, Technology, and Engineering Systems Journal, vol.6, no.2, pp.405-411, 2021. 10.25046\/aj060247","DOI":"10.25046\/aj060247"},{"key":"19","doi-asserted-by":"crossref","unstructured":"[19] D. Kumar, Z. Ma, Z. Durumeric, A. Mirian, J. Mason, J.A. Halderman, and M. Bailey, \u201cSecurity Challenges in an Increasingly Tangled Web,\u201d World Wide Web Conference (WWW), pp.677-684, 2017. DOI: 10.1145\/3038912.305268 10.1145\/3038912.3052686","DOI":"10.1145\/3038912.3052686"},{"key":"20","unstructured":"[20] B. Stock, M. Johns, M. Steffens, and M. Backes, \u201cHow the Web Tangled Itself: Uncovering the History of Client-Side Web (In)Security,\u201d USENIX Security Symposium, 2017."},{"key":"21","doi-asserted-by":"publisher","unstructured":"[21] Y. Takata, H. Kumagai, and M. Kamizono, \u201cThe Uncontrolled Web: Measuring Security Governance on the Web,\u201d IEICE Trans. Fundamentals, vol.E104-D, no.11, pp.1828-1838, 2021. DOI: 10.1587\/transinf.2021NGP0003 10.1587\/transinf.2021ngp0003","DOI":"10.1587\/transinf.2021NGP0003"},{"key":"22","unstructured":"[22] WordPress, \u201cWordPress Documentation,\u201d https:\/\/wordpress.org\/documentation\/, accessed Feb. 5. 2024."},{"key":"23","unstructured":"[23] WordPress, \u201cWordPress Plugin Directory,\u201d https:\/\/ja.wordpress.org\/plugins\/browse\/popular\/, accessed Jan. 26. 2024."},{"key":"24","unstructured":"[24] Nginx, \u201cModule ngx_http_sub_module,\u201d https:\/\/nginx.org\/en\/docs\/http\/ngx_http_sub_module.html, accessed May 15. 2024."},{"key":"25","unstructured":"[25] Apache, \u201cApache HTTP server benchmarking tool,\u201d https:\/\/httpd.apache.org\/docs\/2.4\/programs\/ab.html, accessed May 15. 2024."},{"key":"26","unstructured":"[26] Amazon Web Services, \u201cWhat is Amazon EC2?,\u201d https:\/\/docs.aws.amazon.com\/AWSEC2\/latest\/UserGuide\/concepts.html, accessedOct. 17. 2024."},{"key":"27","unstructured":"[27] Amazon Web Services, \u201cWhat is an Application Load Balancer?,\u201d https:\/\/docs.aws.amazon.com\/elasticloadbalancing\/latest\/application\/introduction.html, accessed Oct. 17. 2024."},{"key":"28","unstructured":"[28] Amazon Web Services, \u201cSetting up AWS WAF and its components,\u201d https:\/\/docs.aws.amazon.com\/waf\/latest\/developerguide\/getting-started.html, accessed Oct. 19. 2024."},{"key":"29","unstructured":"[29] Amazon Web Services, \u201cAuthenticate users using an Application Load Balancer,\u201d https:\/\/docs.aws.amazon.com\/elasticloadbalancing\/latest\/application\/listener-authenticate-users.html, accessed Oct. 19. 2024."},{"key":"30","unstructured":"[30] Cloudflare, \u201cWhat is SASE architecture? \uff5c Secure access service edge,\u201d https:\/\/www.cloudflare.com\/learning\/access-management\/what-is-sase\/, accessed Oct. 19. 2024."},{"key":"31","unstructured":"[31] Cloudflare, \u201cEvolving to a SASE architecture with Cloudflare,\u201d https:\/\/developers.cloudflare.com\/reference-architecture\/architectures\/sase\/, accessed Oct. 19. 2024."},{"key":"32","unstructured":"[32] Cloudflare, \u201cAdd a site,\u201d https:\/\/developers.cloudflare.com\/fundamentals\/setup\/manage-domains\/add-site\/, accessed Oct. 19, 2024."},{"key":"33","unstructured":"[33] Cloudflare, \u201cWAF Get started,\u201d https:\/\/developers.cloudflare.com\/waf\/get-started\/, accessed Oct. 19. 2024."},{"key":"34","unstructured":"[34] Cloudflare, \u201cWhat is Zero Trust Network Access (ZTNA)?,\u201d https:\/\/www.cloudflare.com\/learning\/access-management\/what-is-ztna\/, accessed Oct. 19. 2024."},{"key":"35","unstructured":"[35] Okta, \u201cWhat is Okta,\u201d https:\/\/developer.okta.com\/docs\/concepts\/how-okta-works\/, accessed Oct. 22. 2024."},{"key":"36","unstructured":"[36] Cloudflare, \u201cCloudflare Zero Trust Get started,\u201d https:\/\/developers.cloudflare.com\/cloudflare-one\/setup\/, accessed Oct. 19. 2024."},{"key":"37","unstructured":"[37] Cloudflare, \u201cSSO integration,\u201d https:\/\/developers.cloudflare.com\/cloudflare-one\/identity\/idp-integration\/, accessed Oct. 19. 2024."},{"key":"38","unstructured":"[38] Cloudflare, \u201cSSO integration Okta,\u201d https:\/\/developers.cloudflare.com\/cloudflare-one\/identity\/idp-integration\/okta\/, accessed Oct. 19. 2024."},{"key":"39","unstructured":"[39] R.P. Carver, \u201cReading Rate: Theory, Research, and Practical Implications,\u201d Journal of Reading, vol.36, no.2, pp.84-95, 1992."},{"key":"40","unstructured":"[40] SpaCy, \u201cLinguistic Features,\u201d https:\/\/spacy.io\/usage\/linguistic-features, accessed Oct. 19. 2024."},{"key":"41","unstructured":"[41] WordNet, \u201cWhat is WordNet?,\u201d https:\/\/wordnet.princeton.edu\/, accessed Oct. 19. 2024."},{"key":"42","unstructured":"[42] Amazon Web Services, \u201cWhat is IAM Identity Center?,\u201d https:\/\/docs.aws.amazon.com\/singlesignon\/latest\/userguide\/what-is.html, acce\u00adssed Oct. 20. 2024."},{"key":"43","unstructured":"[43] Amazon Web Services, \u201cAWS Shield,\u201d https:\/\/docs.aws.amazon.com\/waf\/latest\/developerguide\/shield-chapter.html, accessed Oct. 20. 2024."},{"key":"44","unstructured":"[44] Amazon Web Services, \u201cWhat is AWS Lambda?,\u201d https:\/\/docs.aws.amazon.com\/lambda\/latest\/dg\/welcome.html, accessed Oct. 20. 2024."},{"key":"45","unstructured":"[45] Cloudflare, \u201cAccess,\u201d https:\/\/developers.cloudflare.com\/cloudflare-one\/policies\/access\/, accessed Oct. 20. 2024."},{"key":"46","unstructured":"[46] Cloudflare, \u201cOverview,\u201d https:\/\/developers.cloudflare.com\/registrar\/, accessed Oct. 20. 2024."},{"key":"47","unstructured":"[47] Cloudflare, \u201cCloudflare Tunnel,\u201d https:\/\/developers.cloudflare.com\/cloudflare-one\/connections\/connect-networks\/, accessed Oct. 20. 2024."},{"key":"48","unstructured":"[48] Microsoft, \u201cWhat is Microsoft Entra?,\u201d https:\/\/learn.microsoft.com\/en-us\/entra\/fundamentals\/what-is-entra, accessed Oct. 20. 2024."},{"key":"49","unstructured":"[49] Wordfence, \u201cHelp Documentation,\u201d https:\/\/www.wordfence.com\/help\/firewall\/options\/, accessed May 10. 2024."},{"key":"50","doi-asserted-by":"crossref","unstructured":"[50] L. Schwittmann, M. Wander, and T. Weis, \u201cDomain Impersonation is Feasible: A Study of CA Domain Validation Vulnerabilities,\u201d 2019 IEEE European Symposium on Security and Privacy (EuroS&amp;P), Stockholm, Sweden, pp.544-559, 2019. DOI: 10.1109\/EuroSP.2019.00046 10.1109\/eurosp.2019.00046","DOI":"10.1109\/EuroSP.2019.00046"},{"key":"51","doi-asserted-by":"crossref","unstructured":"[51] R. Barnes, J. Hoffman-Andrews, D. McCarney, and J. Kasten, \u201cRFC 8555 Automatic Certificate Management Environment (ACME),\u201d IETF, March 2019. 10.17487\/rfc8555","DOI":"10.17487\/RFC8555"}],"container-title":["IEICE Transactions on Information and Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.jstage.jst.go.jp\/article\/transinf\/E108.D\/8\/E108.D_2024DAK0002\/_pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T03:28:28Z","timestamp":1754105308000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.jstage.jst.go.jp\/article\/transinf\/E108.D\/8\/E108.D_2024DAK0002\/_article"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,8,1]]},"references-count":51,"journal-issue":{"issue":"8","published-print":{"date-parts":[[2025]]}},"URL":"https:\/\/doi.org\/10.1587\/transinf.2024dak0002","relation":{},"ISSN":["0916-8532","1745-1361"],"issn-type":[{"type":"print","value":"0916-8532"},{"type":"electronic","value":"1745-1361"}],"subject":[],"published":{"date-parts":[[2025,8,1]]},"article-number":"2024DAK0002"}}