3. Major Comments
3.1. Looking at this specific article from an overall perspective, cloud hosting services are not a
widely practical solution for online websites due to the external insecure management interest,
limited resource allocation, restricted control and monitoring methods, scalability concerns, etc.
3.2. In particular, Trojan horses, worms, infectious viruses and many other viruses are
analyzed as known attacks and can be examined through signature-based firewalls and processes
such as IDS (Intrusion Detection System) and WAF (Web Application Firewall), whereas
unknown attacks are not covered in the context. It is preferable to have closer inspection
of unknown attacks, as their potential may lead to information disclosure.
3.3. These suggestions could bring many advantages. Some pieces of the pie chart in figure 1,
such as SQL Injection, Local Inclusion, Web shell, and others, are missing percentages.
The statistical outcomes of website safety progress before and after security installation in figure
2 should be explained with accurate measures and indexes over a certain month. Besides, there is
no description of the horizontal or vertical charts, and the numbers are not compared with any
measures.

4. Minor Comments
4.1. I cannot see any sign of expression around business network size, the level of sensitivity of
the information published on the website, network design and connections, cloud service
provider and so many absent elements that are necessary for scanning and optimizing against the
risk of exposure.
4.2. In my opinion, it is a good idea to have a deeper flow of network security configurations
from the beginning step to the final stage, when the business website has improved from different
security features. Considering the current state of the paper, some parts of the security solutions
and protection rules are not clear.
4.3. It is not advisable to confine the paper to just one example and generalize it to all structures
and business websites. An alternative and appropriate technical solution is to choose various
network sizes and topologies for precise examination and progress comparisons between security
methods and conclusions.

5. Confidential Comments
5.1. The evidence given is that the paper highlights the most important known attacks, protection
practices, and operations on business websites in an incomplete way, and it neglects a clear chain
of technical actions or other comparison metrics.
5.2. I expect to meet more statistical arguments that are logical, well-examined, well-organized,
and persuasive.

6. Decision
There are several reasons why I am motivated by this article; however, it literally does not
pass standard metrics.