Mamdouh Alenezi
Prince Sultan University

Published: 8 Documents

Security assessment framework for educational ERP systems Hafsa Ashraf; Mamdouh Alenezi; Muhammad Nadeem; Yasir Javid
International Journal of Electrical and Computer Engineering (IJECE) Vol 9, No 6: December 2019
Publisher : Institute of Advanced Engineering and Science

DOI: 10.11591/ijece.v9i6.pp5570-5585

Abstract

The educational ERP systems have vulnerabilities at the different layers such as version-specific vulnerabilities, configuration level vulnerabilities and vulnerabilities of the underlying infrastructure. This research has identified security vulnerabilities in an educational ERP system with the help of automated tools; penetration testing tool and public vulnerability repositories (CVE, CCE) at all layers. The identified vulnerabilities are analyzed for any false positives and then clustered with mitigation techniques, available publicly in security vulnerability solution repository like CCE and CWE. These mitigation techniques are mapped over reported vulnerabilities using mapping algorithms. Security vulnerabilities are then prioritized based on the Common Vulnerability Scoring System (CVSS). Finally, open standards-based vulnerability mitigation recommendations are discussed.
Ontology-based context-sensitive software security knowledge management modeling Mamdouh Alenezi
International Journal of Electrical and Computer Engineering (IJECE) Vol 10, No 6: December 2020
Publisher : Institute of Advanced Engineering and Science

DOI: 10.11591/ijece.v10i6.pp6507-6520

Abstract

The disconcerting increase in the number of security attacks on software calls for an imminent need for including secure development practices within the software development life cycle. The software security management system has received considerable attention lately and various efforts have been made in this direction. However, security is usually only considered in the early stages of the development of software. Thus, this leads to stating other vulnerabilities from a security perspective. Moreover, despite the abundance of security knowledge available online and in books, the systems that are being developed are seldom sufficiently secure. In this paper, we have highlighted the need for including application context sensitive modeling within a case-based software security management system. Furthermore, we have taken the context-driven and ontology-based frameworks and prioritized their attributes according to their weights which were achieved by using the Fuzzy AHP methodology.
An automated approach to fix buffer overflows Aamir Shahab; Muhammad Nadeem; Mamdouh Alenezi; Raja Asif
International Journal of Electrical and Computer Engineering (IJECE) Vol 10, No 4: August 2020
Publisher : Institute of Advanced Engineering and Science

DOI: 10.11591/ijece.v10i4.pp3777-3787

Abstract

Buffer overflows are one of the most common software vulnerabilities that occur when more data is inserted into a buffer than it can hold. Various manual and automated techniques for detecting and fixing specific types of buffer overflow vulnerability have been proposed, but the solution to fix Unicode buffer overflow has not been proposed yet. Public security vulnerability repository e.g., Common Weakness Enumeration (CWE) holds useful articles about software security vulnerabilities. Mitigation strategies listed in CWE may be useful for fixing the specified software security vulnerabilities. This research contributes by developing a prototype that automatically fixes different types of buffer overflows by using the strategies suggested in CWE articles and existing research. A static analysis tool has been used to evaluate the performance of the developed prototype tools. The results suggest that the proposed approach can automatically fix buffer overflows without inducing errors.
Harnessing deep learning algorithms to predict software refactoring Mamdouh Alenezi; Mohammed Akour; Osama Al Qasem
TELKOMNIKA (Telecommunication Computing Electronics and Control) Vol 18, No 6: December 2020
Publisher : Universitas Ahmad Dahlan

DOI: 10.12928/telkomnika.v18i6.16743

Abstract

During software maintenance, software systems need to be modified by adding or modifying source code. These changes are required to fix errors or adopt new requirements raised by stakeholders or market place. Identifying the targeted piece of code for refactoring purposes is considered a real challenge for software developers. The whole process of refactoring mainly relies on software developers’ skills and intuition. In this paper, a deep learning algorithm is used to develop a refactoring prediction model for highlighting the classes that require refactoring. More specifically, the gated recurrent unit algorithm is used with proposed pre-processing steps for refactoring prediction at the class level. The effectiveness of the proposed model is evaluated using a very common dataset of 7 open source Java projects. The experiments are conducted before and after balancing the dataset to investigate the influence of data sampling on the performance of the prediction model. The experimental analysis reveals a promising result in the field of code refactoring prediction.
A sustainable procedural method of software design process improvements Khalid T. Al-Sarayreh; Kenza Meridji; Mamdouh Alenezi; Mohammed Zarour; Mohammed D. Al-Majali
Indonesian Journal of Electrical Engineering and Computer Science Vol 21, No 1: January 2021
Publisher : Institute of Advanced Engineering and Science

DOI: 10.11591/ijeecs.v21.i1.pp440-449

Abstract

In practice, the software process is an intermediate phase for enhancement and improvements the design for different types of software products and help developers to converts the specified requirements into prototypes that implement the design into reality. The objective of this paper is to provide software developers, designers and software engineers who work in small companies with a standards-based process improvement using a procedural method technique including detailed steps for designing the small software systems into their companies. The method used in this paper includes 1) analysis four different types of commonly design processes used by industry such as CMMI, conventional or software process in ISO 19759, generic and engineering design processes. 2) mapping between those four design processes. 3) collect the dispersed design concepts proposed by those four processes. 4) proposed a sustainable procedural method of software design process improvements 5) illustration of the applicability of the proposed approach using a template-based implementation. The primary result of this study is a guideline procedure with detailed steps for software design process improvements to help and guide developers in small companies to analyze and design a small software scales with limited cost and duration. In conclusion, this paper proposed a method to improve the design process for different kinds of the software systems using a template-based implementation to reduce the cost, effort and time needed in the implementation phase in small companies. The scientific implication behind a template-based implementation helps the system and software engineering to use this template easily in their small companies; because most of the time those engineering developers are responsible for analyzing, designing, implementing and testing their software systems during the whole software life cycle.
Software process improvement initiative in medium size IT organization: a case study Mohammad Zarour; Mamdouh Alenezi
Indonesian Journal of Electrical Engineering and Computer Science Vol 23, No 1: July 2021
Publisher : Institute of Advanced Engineering and Science

DOI: 10.11591/ijeecs.v23.i1.pp500-509

Abstract

IT organizations are striving to develop software solutions that meet customer needs as well as their business goals. Software organizations continuously improve their software development practices for faster time-to-market and better software quality. The success factors to conduct process improvement initiatives are documented in the literature, but their effect and existences differ from one place to another. Hence, as the culture and organizational behavior in developing software varies across the world, it becomes interesting to report and discuss local experiences in different regions. The experience gained in this empirical study differs from that gained in the previous work in the sense that it was the organization that initiated this initiative and this ensures the top management commitment in conducting the process improvement initiative. We have used CMMI continuous representation and SCAMPI Class C appraisal method to conduct the appraisal. In this empirical study, most of the success factors are met to conduct the process improvement initiative, including: Staff involvement and high staff morale. Several process pitfalls have been identified; an interesting one is that adopting powerful case tools is not enough to control the development process if they are not fully used.
SQL injection attacks countermeasures assessments Mamdouh Alenezi; Muhammad Nadeem; Raja Asif
Indonesian Journal of Electrical Engineering and Computer Science Vol 21, No 2: February 2021
Publisher : Institute of Advanced Engineering and Science

DOI: 10.11591/ijeecs.v21.i2.pp1121-1131

Abstract

SQL injection attacks have been rated as the most dangerous vulnerability of web-based systems over more than a decade by OWASP top ten. Though different static, runtime and hybrid approaches have been proposed to counter SQL injection attacks, no single approach guarantees flawless prevention/detection for these attacks. Hundreds of components of open source and commercial software products are reported to be vulnerable for SQL injection to CVE repository every year. In this mapping study, we identify different existing approaches in terms of the cost of computation and protection offered. We found that most of the existing techniques claim to offer protection based on the testing on a very small or limited scale. This study dissects each proposed approach and highlights their strengths and weaknesses and categorizes them based on the underlying technology used to detect or counter the injection attacks.
Test suites effectiveness evolution in open source systems: empirical study Mohammed Akour; Mamdouh Alenezi
Indonesian Journal of Electrical Engineering and Computer Science Vol 19, No 2: August 2020
Publisher : Institute of Advanced Engineering and Science

DOI: 10.11591/ijeecs.v19.i2.pp992-999

Abstract

Test suite code coverage is usually used to indicate the capability of a test suite in detecting faults. Earlier research studies, which explored the relationship among test suite effectiveness and code coverage, have not addressed this relationship evolutionally. Moreover, some of these works were studied small or identical domain systems, which make the result generalization process unclear for other systems. Finally, some of these studies were conducted with automatically generated test suites, which might not present the real situation for studied systems, so the results cannot be generalized to real test suites. In this paper, the authors empirically explore three open-source software systems along with their 11 versions. These versions are evolved over time and might have more sources of code and test suites. This work objective is to study the correlation between test suite effectiveness, the size of the test suite, and coverage for three Java programs during their evolution. In this work, the code coverage, test suite LOC and mutation testing coverage are measured to assess the correlation between the effectiveness of fault detection, code coverage, and test suite size. Based on the result we cannot generalize the assumption that test size is always revealing a positive correlation with its effectiveness, but still weak to the high correlation between test effectiveness, test size, and coverage.