The Current state of Web Application Security Mitigation Training, What Can Be Done To Improve?

O’Docherty, C. (2017). The Current state of Web Application Security Mitigation Training, What Can Be Done To Improve? (MSc ASDF Dissertation). Edinburgh Napier University (Ramsay, B., Macfarlane, R.).



This project has investigated the current literature on the training platforms presented within
academia that teach mitigation for web application security. It has undertaken a survey on the use of
a platform, which was created for this project to address problem areas established in the literature.
This was to find out the current justifications and background considerations which would
need to be made when designing a platform, as well as the current situation and the user groups'
experience of using the platform.
This was so that more can be known about web application security mitigation training and how to
improve the research in this area, so that recommendations could be made for future platforms.
The main data has come from the literature review, which provided the foundation for the survey
questions and gave the framework within which the aims of the platform were justified.
Additional data has come from the quantitative survey and the analysis of the results. The survey
research was carried out by way of an online questionnaire embedded within the platform, asking
closed-ended questions. This method was most appropriate and sets this study apart from previous
ones, because the majority of previous studies had only undertaken qualitative assessment, and those
that had taken statistical data did not publish the results.
The limitations lie in the fact that it was a quantitative closed-question survey: it could not
encompass in-depth feedback but only provide statistics with analysis of the group of participants and
the subsequent user groups established by their background. The platform had to be kept simple and
straightforward, so it covered only one subject area of mitigation: securing a form
against XSS attacks, namely input and output escaping and validation.
The survey results confirmed that a majority of the problem statements raised by the literature review
are still current, concluding that improvement is still to be made; however, positive feedback on the
use of the platform created for this project was established by way of the statistical data.
