The rise of cyberattacks has led to an increase in the creation of fake websites by attackers, who use these sites for advertising products, transmit malware, or steal valuable login credentials. Phishing, the act of soliciting sensitive information from users by masquerading as a trustworthy entity, is a common technique used by attackers to achieve their goals. Spoofed websites and email spoofing are often used in phishing attacks, with spoofed emails redirecting users to phishing websites in order to trick them into revealing their personal information. Traditional solutions for detecting phishing websites rely on signature-based approaches that are not effective in detecting newly created spoofed websites. To address this challenge, researchers have been exploring machine-learning methods for detecting phishing websites. In this paper, we suggest a new approach that combines the use of blacklists and machine learning techniques such that a variety of powerful features, including domain-based features, abnormal features, and abnormal features based on URLs, HTML, and JavaScript, to rank web pages and improve classification accuracy. Our experimental results show that using the proposed approach, the random forest classifier offers the best accuracy of 93%, with FPR and FNR as 0.12 and 0.02, with a Precision of 90%, Recall of 97% an F1 Score of 93%, and MCC of 0.85.

SQL injection attack is a major threat to web application security. It has been rated as one of the most dangerous vulnerabilities for a web-based application. Based on the Open Web Application Security Project (OWASP), it is measured as one of the top ten.  Many types of research have been made to face this attack either by preventing the threat or at least detecting it. We aim in this paper to give an overview of the SQL injection (SQLI) attack and classify these attacks and prevention and detection tools. We introduce the most current techniques and tools that are used to prevent and detect SQLI and highlight their strengths and weaknesses.