<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE article PUBLIC "-//NLM//DTD Journal Publishing DTD v3.0 20080202//EN" "http://dtd.nlm.nih.gov/publishing/3.0/journalpublishing3.dtd">
<article xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" dtd-version="3.0" xml:lang="en" article-type="research article">
 <front>
  <journal-meta>
   <journal-id journal-id-type="publisher-id">
    jsea
   </journal-id>
   <journal-title-group>
    <journal-title>
     Journal of Software Engineering and Applications
    </journal-title>
   </journal-title-group>
   <issn pub-type="epub">
    1945-3116
   </issn>
   <issn publication-format="print">
    1945-3124
   </issn>
   <publisher>
    <publisher-name>
     Scientific Research Publishing
    </publisher-name>
   </publisher>
  </journal-meta>
  <article-meta>
   <article-id pub-id-type="doi">
    10.4236/jsea.2024.176029
   </article-id>
   <article-id pub-id-type="publisher-id">
    jsea-133992
   </article-id>
   <article-categories>
    <subj-group subj-group-type="heading">
     <subject>
      Articles
     </subject>
    </subj-group>
    <subj-group subj-group-type="Discipline-v2">
     <subject>
      Computer Science 
     </subject>
     <subject>
       Communications
     </subject>
    </subj-group>
   </article-categories>
   <title-group>
    Enable Excel-Based Basic Cybersecurity Features for End Users by Using Python-Excel Integration
   </title-group>
   <contrib-group>
    <contrib contrib-type="author" xlink:type="simple">
     <name name-style="western">
      <surname>
       Mohamed
      </surname>
      <given-names>
       Breik
      </given-names>
     </name>
    </contrib>
    <contrib contrib-type="author" xlink:type="simple">
     <name name-style="western">
      <surname>
       Osama
      </surname>
      <given-names>
       Magdy
      </given-names>
     </name>
    </contrib>
    <contrib contrib-type="author" xlink:type="simple">
     <name name-style="western">
      <surname>
       Essam
      </surname>
      <given-names>
       Amin
      </given-names>
     </name>
    </contrib>
    <contrib contrib-type="author" xlink:type="simple">
     <name name-style="western">
      <surname>
       Tarek
      </surname>
      <given-names>
       Aly
      </given-names>
     </name>
    </contrib>
    <contrib contrib-type="author" xlink:type="simple">
     <name name-style="western">
      <surname>
       Mervat
      </surname>
      <given-names>
       Gheith
      </given-names>
     </name>
    </contrib>
   </contrib-group> 
   <aff id="affnull">
    <addr-line>
     aSoftware Engineering Department, Faculty of Graduate Studies for Statistical Research, Cairo University, Cairo, Egypt
    </addr-line> 
   </aff> 
   <pub-date pub-type="epub">
    <day>
     07
    </day> 
    <month>
     06
    </month>
    <year>
     2024
    </year>
   </pub-date> 
   <volume>
    17
   </volume> 
   <issue>
    06
   </issue>
   <fpage>
    522
   </fpage>
   <lpage>
    529
   </lpage>
   <history>
    <date date-type="received">
     <day>
      26,
     </day>
     <month>
      April
     </month>
     <year>
      2024
     </year>
    </date>
    <date date-type="published">
     <day>
      21,
     </day>
     <month>
      April
     </month>
     <year>
      2024
     </year> 
    </date> 
    <date date-type="accepted">
     <day>
      21,
     </day>
     <month>
      June
     </month>
     <year>
      2024
     </year> 
    </date>
   </history>
   <permissions>
    <copyright-statement>
     © Copyright 2014 by authors and Scientific Research Publishing Inc. 
    </copyright-statement>
    <copyright-year>
     2014
    </copyright-year>
    <license>
     <license-p>
      This work is licensed under the Creative Commons Attribution International License (CC BY). http://creativecommons.org/licenses/by/4.0/
     </license-p>
    </license>
   </permissions>
   <abstract>
    In the digital age, the global character of the Internet has significantly improved our daily lives by providing access to large amounts of knowledge and allowing for seamless connections. However, this enormously interconnected world is not without its risks. Malicious URLs are a powerful menace, masquerading as legitimate links while holding the intent to hack computer systems or steal sensitive personal information. As the sophistication and frequency of cyberattacks increase, identifying bad URLs has emerged as a critical aspect of cybersecurity. This study presents a new approach that enables the average end-user to check URL safety using Microsoft Excel. Using the powerful VirusTotal API for URL inspections, this study creates an Excel add-in that integrates Python and Excel to deliver a seamless, user-friendly interface. Furthermore, the study improves Excel’s capabilities by allowing users to encrypt and decrypt text communications directly in the spreadsheet. Users may easily encrypt their conversations by simply typing a key and the required text into predefined cells, enhancing their personal cybersecurity with a layer of cryptographic secrecy. This strategy democratizes access to advanced cybersecurity solutions, making attentive digital integrity a feature rather than a daunting burden.
   </abstract>
   <kwd-group> 
    <kwd>
     Python
    </kwd> 
    <kwd>
      End-User Approach
    </kwd> 
    <kwd>
      Excel
    </kwd> 
    <kwd>
      Excel Add-In
    </kwd> 
    <kwd>
      Cybersecurity
    </kwd> 
    <kwd>
      URL Check
    </kwd> 
    <kwd>
      API
    </kwd> 
    <kwd>
      Virustotal API
    </kwd> 
    <kwd>
      Encryption
    </kwd> 
    <kwd>
      Decryption
    </kwd> 
    <kwd>
      Vigenère Cipher
    </kwd> 
    <kwd>
      Python-Excel Integration
    </kwd>
   </kwd-group>
  </article-meta>
 </front>
 <body>
  <sec id="s1">
   <title>1. Introduction</title>
   <p>The global character of the Internet has significantly improved our daily lives by providing access to vast amounts of knowledge and enabling seamless connections. However, this interconnected world is fraught with risks, including malicious URLs that masquerade as legitimate links with the intent to compromise systems or steal sensitive information <xref ref-type="bibr" rid="scirp.133992-1">
     [1]
    </xref>. As cyberattacks become more sophisticated and frequent, identifying and mitigating these threats is crucial. Antivirus software has evolved to safeguard against harmful URLs, yet it remains out of reach for many non-technical users <xref ref-type="bibr" rid="scirp.133992-2">
     [2]
    </xref>.</p>
   <p>End-user development (EUD) is advancing to make technology accessible to both experts and non-experts, with tools that capture, represent, visualize, analyze, and test developer intent <xref ref-type="bibr" rid="scirp.133992-3">
     [3]
    </xref>. Integrating Python with Excel—a widely used tool in business and academia—offers a unique opportunity to democratize cybersecurity by providing advanced features in a familiar interface. This study aims to empower average end-users by integrating Python with Excel to deliver cybersecurity functionalities such as URL safety checks using the VirusTotal API and text encryption/decryption via the Vigenère Cipher.</p>
  </sec><sec id="s2">
   <title>2. Background</title>
   <sec id="s2_1">
    <title>2.1. Computer Security</title>
    <p>The field of computer security has evolved significantly since its early days in the 1970s. Ken Thompson’s seminal work, “Reflections on Trusting Trust” (1984), highlighted the fundamental problem of trust in computer systems, emphasizing the need for secure infrastructure and tools <xref ref-type="bibr" rid="scirp.133992-4">
      [4]
     </xref>. This study builds on these foundational ideas by integrating security features into everyday tools like Excel.</p>
   </sec>
   <sec id="s2_2">
    <title>2.2. Web Applications and Security Testing</title>
    <p>Web applications are critical in today’s digital landscape, serving as the backbone for communication, information exchange, and service provision. Security testing of these applications is vital to ensure their integrity and protect sensitive data <xref ref-type="bibr" rid="scirp.133992-5">
      [5]
     </xref>. Regular vulnerability assessments help organizations proactively address security flaws and comply with industry regulations.</p>
   </sec>
   <sec id="s2_3">
    <title>2.3. The Vigenère Cipher</title>
    <p>The Vigenère cipher, a method of encrypting text using a polyalphabetic substitution technique, has been a resilient cryptographic method for centuries. It employs a repeating key to shift letters in the plaintext, providing a simple yet effective means of securing communications <xref ref-type="bibr" rid="scirp.133992-6">
      [6]
     </xref>. This study leverages the Vigenère cipher to offer encryption and decryption functionalities within Excel, enhancing user data privacy.</p>
   </sec>
  </sec><sec id="s3">
   <title>3. Related Work</title>
   <p>Several studies highlight the importance of large-scale analyses and classifications of malicious URLs. Choo et al. (2023) <xref ref-type="bibr" rid="scirp.133992-7">
     [7]
    </xref> conducted a comprehensive study on VirusTotal (VT) reports, providing insights into the characteristics and patterns of malicious URLs. Shalaginov et al. (2016) <xref ref-type="bibr" rid="scirp.133992-8">
     [8]
    </xref> emphasized the role of large-scale datasets in malware detection research. The need for user-friendly cybersecurity tools that leverage such comprehensive data is evident. This study fills this gap by integrating advanced cybersecurity features into Excel, making them accessible to non-technical users.</p>
   <p>End-User Development (EUD) security is a crucial area that aims to empower end-users to develop and adapt systems themselves while ensuring the security of these systems. Lieberman et al. (2006) <xref ref-type="bibr" rid="scirp.133992-9">
     [9]
    </xref> emphasize the goal of EUD in empowering end-users to develop and adapt systems themselves. Ko et al. (2011) <xref ref-type="bibr" rid="scirp.133992-10">
     [10]
    </xref> provide an overview of End-User Software Engineering (EUSE) and related terminology, which is essential for understanding the landscape of EUD security. Fischer et al. (2017) <xref ref-type="bibr" rid="scirp.133992-11">
     [11]
    </xref> propose EUD methods as a solution for developing flexible systems that can be adapted to different end-user needs directly. To enhance security in EUD environments, Rak et al. (2014) <xref ref-type="bibr" rid="scirp.133992-12">
     [12]
    </xref> focus on developing secure cloud applications, emphasizing the importance of mapping high-level security requirements with low-level interactions among application components.</p>
   <p>In conclusion, EUD security is a multifaceted domain that requires a holistic approach integrating end-user empowerment with robust security measures. By leveraging HCI principles, user participation, and tailored security management systems, EUD environments can be fortified against potential threats, ensuring both usability and security for end-users.</p>
  </sec><sec id="s4">
   <title>4. Methodology</title>
   <p>This study followed the Software Development Life Cycle (SDLC) to develop the Excel add-in, serving as proof of concept for enabling Excel-based cybersecurity features <xref ref-type="bibr" rid="scirp.133992-13">
     [13]
    </xref>.</p>
   <sec id="s4_1">
    <title>4.1. Plan and Requirement Analysis</title>
    <p>• User Profiling: Define typical end-user profiles based on their cybersecurity knowledge and Excel usage patterns.</p>
    <p>• Feasibility Study: Analyze the technical feasibility and limitations of integrating the VirusTotal API and encryption/decryption algorithms into an Excel add-in.</p>
   </sec>
   <sec id="s4_2">
    <title>4.2. Design</title>
    <p>• System Architecture: Outline the overall architecture of the Excel add-in, including the user interface, functional modules, and interaction with external APIs.</p>
    <p>• VirusTotal API Integration: Design the integration process for the VirusTotal API, ensuring robust and secure communication between Excel and the VirusTotal service.</p>
    <p>• Encryption/Decryption Module: Design the module for encryption and decryption, deciding on cryptographic algorithms that balance security with ease of use for non-technical users.</p>
    <p>• As shown in <xref ref-type="fig" rid="fig1">
      Figure 1
     </xref>, the proposed system includes several key components (User, Excel Application, Data, and Local add-in server).</p>
   </sec>
   <sec id="s4_3">
    <title>4.3. Implement</title>
    <p>• Add-in Development: Utilize a suitable programming language (python, flask) to create the Excel add-in.</p>
    <p>• URL Check Code Development: Prepare Virustotal API python code.</p>
    <p>• Encrypt/Decrypt python Code Development: Prepare Vigenère Encryption and Decryption python code.</p>
    <p>• <xref ref-type="fig" rid="fig2">
      Figure 2
     </xref> shows the implemented architect.</p>
   </sec>
   <sec id="s4_4">
    <title>4.4. Test</title>
    <p>• Unit Testing: Perform unit tests on each module (API integration, encryption/decryption) to ensure they function correctly in isolation.</p>
    <p>• Integration Testing: Test the integration of modules within the Excel environment to ensure they work together seamlessly.</p>
    <fig id="fig1" position="float">
     <label>Figure 1</label>
     <caption>
      <title>Figure 1. Proposed architecture.</title>
     </caption>
     <graphic mimetype="image" position="float" xlink:type="simple" xlink:href="https://html.scirp.org/file/9303267-rId14.jpeg?20240624024329" />
    </fig>
    <fig id="fig2" position="float">
     <label>Figure 2</label>
     <caption>
      <title>Figure 2. Implemented architecture.</title>
     </caption>
     <graphic mimetype="image" position="float" xlink:type="simple" xlink:href="https://html.scirp.org/file/9303267-rId15.jpeg?20240624024329" />
    </fig>
   </sec>
   <sec id="s4_5">
    <title>4.5. Deploy</title>
   </sec>
  </sec><sec id="s5">
   <title>URL Check API Deployment:</title>
   <p>Embed the VirusTotal API into the add-in, ensuring that URLs can be checked seamlessly from within Excel as shown below in <xref ref-type="fig" rid="fig3">
     Figure 3
    </xref>.</p>
   <p>1) User enter URL to check in cell A11</p>
   <p>2) User click on URL Check add-in module</p>
   <p>3) Results show up in cell B11</p>
  </sec><sec id="s6">
   <title>Encryption/Decryption Deployment:</title>
   <p>Embed the encryption/decryption functionality, allowing users to input a key and message within Excel cells to perform the cryptographic operations:</p>
  </sec><sec id="s7">
   <title>Encryption as shown below in <xref ref-type="fig" rid="fig4">
     Figure 4
    </xref>:</title>
   <p>1) User enters his Key in cell A14</p>
   <p>2) User enters his text to encrypt in cell B14</p>
   <p>3) User clicks on Encrypt add-in module</p>
   <p>4) Encrypted text shows up in cell A15</p>
  </sec><sec id="s8">
   <title>Decryption as shown below in <xref ref-type="fig" rid="fig5">
     Figure 5
    </xref>:</title>
   <p>1) User enters his Key in cell A18</p>
   <p>2) User enters his text to encrypt in cell B18</p>
   <p>3) User clicks on Decrypt add-in module</p>
   <p>4) Decrypted text shows up in cell A19</p>
  </sec><sec id="s9">
   <title>5. Contribution</title>
   <p>This research makes several key contributions to the field of cybersecurity and end-user data protection:</p>
   <sec id="s9_1">
    <title>5.1. Innovation in End-User Cybersecurity</title>
    <p>• It introduces a novel Excel add-in that integrates with the VirusTotal API, bringing advanced URL safety checks directly into a commonly used application.</p>
    <fig id="fig3" position="float">
     <label>Figure 3</label>
     <caption>
      <title>Figure 3. URL check Excel add-in.</title>
     </caption>
     <graphic mimetype="image" position="float" xlink:type="simple" xlink:href="https://html.scirp.org/file/9303267-rId16.jpeg?20240624024330" />
    </fig>
    <fig id="fig4" position="float">
     <label>Figure 4</label>
     <caption>
      <title>Figure 4. Encryption using Excel add-in.</title>
     </caption>
     <graphic mimetype="image" position="float" xlink:type="simple" xlink:href="https://html.scirp.org/file/9303267-rId17.jpeg?20240624024330" />
    </fig>
    <fig id="fig5" position="float">
     <label>Figure 5</label>
     <caption>
      <title>Figure 5. Decryption using Excel add-in.</title>
     </caption>
     <graphic mimetype="image" position="float" xlink:type="simple" xlink:href="https://html.scirp.org/file/9303267-rId18.jpeg?20240624024330" />
    </fig>
    <p>• It provides a straightforward method for even non-technical users to encrypt and decrypt messages within Excel, promoting data privacy and security awareness.</p>
   </sec>
   <sec id="s9_2">
    <title>5.2. Usability Enhancements</title>
    <p>• It enhances the usability of cybersecurity tools by embedding them into Excel, an environment familiar to many users, thereby reducing the barrier to effective cybersecurity practices.</p>
    <p>• It includes the development of user-friendly documentation and interfaces, thereby empowering users with little to no background in cybersecurity to take proactive measures to protect their data.</p>
   </sec>
   <sec id="s9_3">
    <title>5.3. Technical Contributions</title>
    <p>• It contributes to the field by demonstrating the practical integration of external security APIs within office productivity software.</p>
    <p>• It applies and tests encryption algorithms within a new context, providing insights into their usability and performance in everyday applications.</p>
   </sec>
   <sec id="s9_4">
    <title>5.4. Educational Value</title>
    <p>• The add-in serves as an educational tool, raising awareness about the importance of cybersecurity and the risks associated with malicious URLs and unencrypted data.</p>
    <p>• It provides a real-world application of encryption, potentially sparking user interest in the wider field of cybersecurity.</p>
   </sec>
  </sec><sec id="s10">
   <title>6. Future Work</title>
   <p>For future research and development, several avenues are presented by this study:</p>
   <sec id="s10_1">
    <title>6.1. Advanced Threat Detection</title>
    <p>• Integrate more advanced machine learning-based models to predict and detect zero-day phishing URLs and other emerging threats.</p>
    <p>• Explore the integration of additional security APIs to broaden the scope of threat detection.</p>
   </sec>
   <sec id="s10_2">
    <title>6.2. Cross-Platform Adaptability</title>
    <p>• Adapt the add-in for use with other spreadsheet software and platforms, increasing the tool’s accessibility and utility.</p>
    <p>• Create mobile versions of the add-in to extend protection to users on mobile devices.</p>
   </sec>
  </sec><sec id="s11">
   <title>Acknowledgements</title>
   <p>We are grateful to Prof. Mervat Gheith, Prof. Essam Amin and Dr. Tarek Aly for their guidance and support. We also extend our thanks to the Pythonista Egypt group for their valuable contributions to this research.</p>
  </sec>
 </body><back>
  <ref-list>
   <title>References</title>
   <ref id="scirp.133992-ref1">
    <label>1</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Manjusha, K.N.S.B.V. and Jaya Kumari, D. (2024) Detecting Phishing Links Analysis Using Machine Learning. International Journal for Multidisciplinary Research, 6. &gt;https://doi.org/10.36948/ijfmr.2024.v06i03.18870 
    </mixed-citation>
   </ref>
   <ref id="scirp.133992-ref2">
    <label>2</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Koca, M., Avci, İ. and Al-Hayani, M.A.S. (2023) Classification of Malicious Urls Using Naive Bayes and Genetic Algorithm. Sakarya University Journal of Computer and Information Sciences, 6, 80-90. &gt;https://doi.org/10.35377/saucis...1273536 
    </mixed-citation>
   </ref>
   <ref id="scirp.133992-ref3">
    <label>3</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Barricelli, B.R., Cassano, F., Fogli, D. and Piccinno, A. (2019) End-User Development, End-User Programming and End-User Software Engineering: A Systematic Mapping Study. Journal of Systems and Software, 149, 101-137. &gt;https://doi.org/10.1016/j.jss.2018.11.041 
    </mixed-citation>
   </ref>
   <ref id="scirp.133992-ref4">
    <label>4</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Thompson, K. (1984) Reflections on Trusting Trust. Communications of the ACM, 27, 761-763. &gt;https://doi.org/10.1145/358198.358210 
    </mixed-citation>
   </ref>
   <ref id="scirp.133992-ref5">
    <label>5</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Huang, Y., Tsai, C., Lin, T., Huang, S., Lee, D.T. and Kuo, S. (2005) A Testing Framework for Web Application Security Assessment. Computer Networks, 48, 739-761. &gt;https://doi.org/10.1016/j.comnet.2005.01.003 
    </mixed-citation>
   </ref>
   <ref id="scirp.133992-ref6">
    <label>6</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Rubinstein-Salzedo, S. (2018). The Vigenère Cipher. In: Rubinstein-Salzedo, S., Ed., Cryptography, Springer Undergraduate Mathematics Series. Springer, Cham, 41-54. &gt;https://doi.org/10.1007/978-3-319-94818-8_5 
    </mixed-citation>
   </ref>
   <ref id="scirp.133992-ref7">
    <label>7</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Choo, E., Nabeel, M., Kim, D., De Silva, R., Yu, T. and Khalil, I. (2023) A Large Scale Study and Classification of Virustotal Reports on Phishing and Malware Urls. Proceedings of the ACM on Measurement and Analysis of Computing Systems, 7, 1-26. &gt;https://doi.org/10.1145/3626790 
    </mixed-citation>
   </ref>
   <ref id="scirp.133992-ref8">
    <label>8</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Shalaginov, A., Franke, K. and Huang, X. (2016) Malware Beaconing Detection by Mining Large-Scale DNS Logs for Targeted Attack Identification. International Journal of Computer and Information Engineering, 10, 743-755. &gt;https://publications.waset.org/10004242/pdf
    </mixed-citation>
   </ref>
   <ref id="scirp.133992-ref9">
    <label>9</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Lieberman, H., Paternò, F., Klann, M. and Wulf, V. (2006) End-User Development: An Emerging Paradigm. In: Lieberman, H., Paternò, F., Wulf, V., Eds., End User Development, Human-Computer Interaction Series, vol. 9, Springer, Dordrecht, 1-8. &gt;https://doi.org/10.1007/1-4020-5386-x_1
    </mixed-citation>
   </ref>
   <ref id="scirp.133992-ref10">
    <label>10</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Ko, A.J., Abraham, R., Beckwith, L., Blackwell, A., Burnett, M., Erwig, M., et al. (2011) The State of the Art in End-User Software Engineering. ACM Computing Surveys, 43, 1-44. &gt;https://doi.org/10.1145/1922649.1922658 
    </mixed-citation>
   </ref>
   <ref id="scirp.133992-ref11">
    <label>11</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Fischer, G., Fogli, D. and Piccinno, A. (2017) Revisiting and Broadening the Meta-Design Framework for End-User Development. In: Paternò, F. and Wulf, V., Eds., New Perspectives in End-User Development, Springer, Cham, 61-97.&gt;https://doi.org/10.1007/978-3-319-60291-2_4 
    </mixed-citation>
   </ref>
   <ref id="scirp.133992-ref12">
    <label>12</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Rak, M., Ficco, M., Battista, E., Casola, V. and Mazzocca, N. (2014) Developing Secure Cloud Applications. Scalable Computing: Practice and Experience, 15. &gt;https://doi.org/10.12694/scpe.v15i1.965 
    </mixed-citation>
   </ref>
   <ref id="scirp.133992-ref13">
    <label>13</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Ghumatkar, R.S. and Date, A. (2023) Software Development Life Cycle (SDLC). International Journal for Research in Applied Science and Engineering Technology, 11, 1162-1165. &gt;https://doi.org/10.22214/ijraset.2023.56554
    </mixed-citation>
   </ref>
  </ref-list>
 </back>
</article>