The rapid expansion of web technologies has transformed how organizations deliver services in commerce, education, and communication. At the same time, this growth has widened the attack surface for cyber threats, with adversaries exploiting insecure configurations, weak authentication, and malicious scripts. Manual detection of such vulnerabilities is often slow and error-prone, highlighting the need for automated solutions. This paper introduces SecureSight, a modular platform for website security analysis. The system integrates multiple modules (JavaScript malware detection, domain reputation checks, HTTP/TLS validation, and vulnerability scanning) into a unified framework. Built with React.js for the frontend and Node.js/Express.js for the backend, SecureSight executes concurrent scans and consolidates results through a centralized risk evaluation engine. Experimental evaluation demonstrates that the platform effectively identifies common vulnerabilities and provides actionable insights, supporting developers and security professionals in strengthening web application defenses.
Introduction
Web applications are essential to modern digital services but are increasingly vulnerable to cyberattacks such as SQL injection, XSS, and malicious scripts. Existing security tools often focus on specific threats, requiring developers to use multiple solutions, which reduces efficiency.
To address this, SecureSight is proposed as a unified, modular web security analysis platform. It integrates multiple detection techniques—JavaScript malware detection, URL reputation analysis, HTTP/TLS validation, and vulnerability scanning—into a single system. Built using a React.js frontend and Node.js/Express.js backend, it uses concurrent processing to efficiently analyze websites and generate comprehensive security reports through an interactive dashboard.
The system architecture follows a scalable client-server model with independent modules coordinated by a centralized risk evaluation engine. This engine aggregates results and assigns risk levels (low, medium, high).
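The coordination pattern described above, sketched in Node.js as an added example; it is not SecureSight's code. The module names, severity weights, score thresholds and the sample target are assumptions made for illustration.

```javascript
// Added illustration: module names, weights and thresholds are assumptions.
const WEIGHT = { low: 1, medium: 3, high: 6 };
const REQUIRED_HEADERS = ['content-security-policy', 'strict-transport-security', 'x-content-type-options'];
// Independent modules: each takes the scan target and resolves to a list of findings.
const modules = {
  async headers(t) {
    const present = Object.keys(t.headers).map((h) => h.toLowerCase());
    return REQUIRED_HEADERS.filter((h) => !present.includes(h))
      .map((h) => ({ severity: 'medium', issue: `missing header: ${h}` }));
  },
  async tls(t) {
    const out = [];
    if (!t.url.startsWith('https://')) out.push({ severity: 'high', issue: 'served over plain HTTP' });
    if (t.certDaysLeft < 14) out.push({ severity: 'medium', issue: 'certificate expires soon' });
    return out;
  },
  async scripts(t) {
    // Crude heuristic: eval() applied directly to a decoded string.
    return t.scripts.filter((s) => /eval\s*\(\s*(atob|unescape)\s*\(/.test(s))
      .map(() => ({ severity: 'high', issue: 'script evaluates a decoded string' }));
  },
  async reputation() {
    throw new Error('reputation service unreachable'); // constructed failure case
  },
};

// Central engine: sum severity weights, escalate on any high finding.
function assessRisk(findings) {
  const score = findings.reduce((sum, f) => sum + WEIGHT[f.severity], 0);
  const anyHigh = findings.some((f) => f.severity === 'high');
  return { score, risk: anyHigh || score >= 6 ? 'high' : score >= 3 ? 'medium' : 'low' };
}

// Run every module concurrently; a crashed module is recorded, never read as "clean".
async function scan(target, mods = modules) {
  const names = Object.keys(mods);
  const settled = await Promise.allSettled(names.map((n) => mods[n](target)));
  const findings = [], failed = [];
  settled.forEach((r, i) => {
    if (r.status === 'fulfilled') findings.push(...r.value.map((f) => ({ module: names[i], ...f })));
    else failed.push(names[i]);
  });
  return { ...assessRisk(findings), findings, failed, complete: failed.length === 0 };
}

// Constructed sample target (not real scan data).
const SAMPLE = { url: 'http://shop.example', headers: { 'X-Content-Type-Options': 'nosniff' },
  certDaysLeft: 90, scripts: ['eval(atob(payload))', 'console.log("ok")'] };
scan(SAMPLE).then((r) => console.log(r.risk, r.score, r.failed));
```

Using `Promise.allSettled` rather than `Promise.all` keeps one unreachable service from discarding the other modules' results, and the `complete` flag lets the report show that the assigned risk level rests on partial coverage.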
Experimental results show that SecureSight effectively detects vulnerabilities like missing headers, suspicious scripts, and insecure configurations. Its modular design allows future enhancements such as AI-based detection, real-time monitoring, API security analysis, and integration with threat intelligence.
Overall, SecureSight provides a scalable, efficient, and comprehensive solution for automated web security assessment.
Conclusion
This paper presented SecureSight, a modular platform for automated website vulnerability detection. By combining JavaScript malware detection, domain reputation analysis, HTTP/TLS validation, and vulnerability scanning into a single system, SecureSight delivers a comprehensive approach to evaluating web application security.
The system was implemented using modern web technologies, with React.js powering the frontend and Node.js/Express.js managing backend operations. Its modular architecture enables concurrent execution of multiple security checks, improving efficiency and coverage.
Experimental evaluation confirmed SecureSight’s effectiveness in identifying common weaknesses such as malicious scripts, missing headers, and insecure configurations. The interactive dashboard further enhances usability by presenting results in a clear, accessible format.
Overall, SecureSight contributes to democratizing access to professional-grade security analysis. Its scalable design also provides a foundation for future enhancements, including machine learning-based detection, real-time monitoring, and expanded coverage for API security.