How Can Web Developers Ensure Secure Coding?

Web developers indicate that secure coding—or improving code security—is a top priority. Due to tight deadlines and client demands to deliver software and executable code quickly, insufficient time and attention are often devoted to security. This can make applications vulnerable to hacker attacks. In addition, secure coding is not always part of formal education, or developers may not fully recognise its importance.

As part of an internship project by Suly-ann Stokkel, research was conducted into why this problem persists and what is needed to increase web developers’ security knowledge. The result is a prototype providing an overview of existing knowledge resources and training opportunities related to secure coding. The research was carried out within the Centre of Expertise Cyber Security and the Network and Systems Engineering research group, under the supervision of lecturer-researcher Daniel Meinsma.

The central research question was: What (freely) available training materials can be shared to improve web developers’ knowledge and skills in secure coding?

Core curriculum, exercises, and prototype

The research revealed that many web developers have limited knowledge of secure coding. In current ICT programmes, secure coding is not a core subject but rather an elective or specialisation. The recommendation is therefore to treat secure coding as a “must-have” rather than a “nice-to-have” in education. Digital security should be addressed from the moment students begin learning to code or build web applications. This fosters awareness among both students and lecturers.

A second recommendation for developers is to learn primarily by doing—through hands-on exercises and training—rather than only listening or watching. Staying informed via security blogs and IT news is also essential.

To raise awareness of secure coding, a prototype was developed that provides an overview of materials, exercises, and tutorials covering common secure coding topics and widely used web programming languages. Materials are categorised by beginner, intermediate, and expert levels, allowing (future) web developers to identify gaps in their knowledge and address them accordingly. The overview also serves as a useful teaching resource for lecturers in ICT programmes.

Experience of Suly-ann

“During this internship, I met great colleagues and gained valuable experience by participating in (online) Centre of Expertise Cyber Security meetings. Receiving feedback was very educational. I collaborated with lecturers from The Hague University of Applied Sciences and Fontys University of Applied Sciences, as well as developers from organisations based at the Dutch Innovation Factory. By working on this project and creating secure coding exercises, I not only improved my own skills but also developed a product to support others. It was an exciting challenge that taught me a great deal.”