{"id":"https://openalex.org/W4287884605","doi":"https://doi.org/10.1109/spw54247.2022.9833858","title":"Measuring Developers\u2019 Web Security Awareness from Attack and Defense Perspectives","display_name":"Measuring Developers\u2019 Web Security Awareness from Attack and Defense Perspectives","publication_year":2022,"publication_date":"2022-05-01","ids":{"openalex":"https://openalex.org/W4287884605","doi":"https://doi.org/10.1109/spw54247.2022.9833858"},"language":"en","primary_location":{"id":"doi:10.1109/spw54247.2022.9833858","is_oa":false,"landing_page_url":"https://doi.org/10.1109/spw54247.2022.9833858","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE Security and Privacy Workshops (SPW)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://rke.abertay.ac.uk/en/publications/6cfc29eb-7dfc-4285-924c-9fe1c6074d10","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101821772","display_name":"Merve \u015eahin","orcid":"https://orcid.org/0009-0009-4798-0601"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Merve Sahin","raw_affiliation_strings":["SAP Security Research,France","SAP Security Research, France"],"affiliations":[{"raw_affiliation_string":"SAP Security Research,France","institution_ids":[]},{"raw_affiliation_string":"SAP Security Research, France","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5062775344","display_name":"Tolga \u00dcnl\u00fc","orcid":"https://orcid.org/0000-0001-9525-1408"},"institutions":[{"id":"https://openalex.org/I877506347","display_name":"Abertay University","ror":"https://ror.org/04mwwnx67","country_code":"GB","type":"education","lineage":["https://openalex.org/I877506347"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Tolga Unlu","raw_affiliation_strings":["Abertay University,Division of Cyber Security, School of Design and Informatics,Dundee,United Kingdom","Division of Cyber Security, School of Design and Informatics, Abertay University, Dundee, United Kingdom"],"affiliations":[{"raw_affiliation_string":"Abertay University,Division of Cyber Security, School of Design and Informatics,Dundee,United Kingdom","institution_ids":["https://openalex.org/I877506347"]},{"raw_affiliation_string":"Division of Cyber Security, School of Design and Informatics, Abertay University, Dundee, United Kingdom","institution_ids":["https://openalex.org/I877506347"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5008559767","display_name":"C\u00e9dric H\u00e9bert","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Cedric Hebert","raw_affiliation_strings":["SAP Security Research,France","SAP Security Research, France"],"affiliations":[{"raw_affiliation_string":"SAP Security Research,France","institution_ids":[]},{"raw_affiliation_string":"SAP Security Research, France","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5046848175","display_name":"Lynsay A. Shepherd","orcid":"https://orcid.org/0000-0002-1082-1174"},"institutions":[{"id":"https://openalex.org/I877506347","display_name":"Abertay University","ror":"https://ror.org/04mwwnx67","country_code":"GB","type":"education","lineage":["https://openalex.org/I877506347"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Lynsay A. Shepherd","raw_affiliation_strings":["Abertay University,Division of Cyber Security, School of Design and Informatics,Dundee,United Kingdom","Division of Cyber Security, School of Design and Informatics, Abertay University, Dundee, United Kingdom"],"affiliations":[{"raw_affiliation_string":"Abertay University,Division of Cyber Security, School of Design and Informatics,Dundee,United Kingdom","institution_ids":["https://openalex.org/I877506347"]},{"raw_affiliation_string":"Division of Cyber Security, School of Design and Informatics, Abertay University, Dundee, United Kingdom","institution_ids":["https://openalex.org/I877506347"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045795185","display_name":"Natalie Coull","orcid":"https://orcid.org/0000-0003-0681-9888"},"institutions":[{"id":"https://openalex.org/I877506347","display_name":"Abertay University","ror":"https://ror.org/04mwwnx67","country_code":"GB","type":"education","lineage":["https://openalex.org/I877506347"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Natalie Coull","raw_affiliation_strings":["Abertay University,Division of Cyber Security, School of Design and Informatics,Dundee,United Kingdom","Division of Cyber Security, School of Design and Informatics, Abertay University, Dundee, United Kingdom"],"affiliations":[{"raw_affiliation_string":"Abertay University,Division of Cyber Security, School of Design and Informatics,Dundee,United Kingdom","institution_ids":["https://openalex.org/I877506347"]},{"raw_affiliation_string":"Division of Cyber Security, School of Design and Informatics, Abertay University, Dundee, United Kingdom","institution_ids":["https://openalex.org/I877506347"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5053805943","display_name":"Colin Mc Lean","orcid":null},"institutions":[{"id":"https://openalex.org/I877506347","display_name":"Abertay University","ror":"https://ror.org/04mwwnx67","country_code":"GB","type":"education","lineage":["https://openalex.org/I877506347"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Colin Mc Lean","raw_affiliation_strings":["Abertay University,Division of Cyber Security, School of Design and Informatics,Dundee,United Kingdom","Division of Cyber Security, School of Design and Informatics, Abertay University, Dundee, United Kingdom"],"affiliations":[{"raw_affiliation_string":"Abertay University,Division of Cyber Security, School of Design and Informatics,Dundee,United Kingdom","institution_ids":["https://openalex.org/I877506347"]},{"raw_affiliation_string":"Division of Cyber Security, School of Design and Informatics, Abertay University, Dundee, United Kingdom","institution_ids":["https://openalex.org/I877506347"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5101821772"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":2.8699,"has_fulltext":false,"cited_by_count":9,"citation_normalized_percentile":{"value":0.92243552,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"31","last_page":"43"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/cross-site-scripting","display_name":"Cross-site scripting","score":0.8653011322021484},{"id":"https://openalex.org/keywords/attack-surface","display_name":"Attack surface","score":0.8345240950584412},{"id":"https://openalex.org/keywords/sql-injection","display_name":"SQL injection","score":0.727751612663269},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7100563049316406},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6608545184135437},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.6383457779884338},{"id":"https://openalex.org/keywords/scripting-language","display_name":"Scripting language","score":0.6027559638023376},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.5273692607879639},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.5196170210838318},{"id":"https://openalex.org/keywords/point","display_name":"Point (geometry)","score":0.4981422424316406},{"id":"https://openalex.org/keywords/security-awareness","display_name":"Security awareness","score":0.4543241560459137},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.4384543299674988},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.37043601274490356},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.34813743829727173},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.3263697624206543},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.21638712286949158},{"id":"https://openalex.org/keywords/search-engine","display_name":"Search engine","score":0.10003605484962463}],"concepts":[{"id":"https://openalex.org/C39569185","wikidata":"https://www.wikidata.org/wiki/Q371199","display_name":"Cross-site scripting","level":5,"score":0.8653011322021484},{"id":"https://openalex.org/C2776576444","wikidata":"https://www.wikidata.org/wiki/Q303569","display_name":"Attack surface","level":2,"score":0.8345240950584412},{"id":"https://openalex.org/C150451098","wikidata":"https://www.wikidata.org/wiki/Q506059","display_name":"SQL injection","level":5,"score":0.727751612663269},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7100563049316406},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6608545184135437},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.6383457779884338},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.6027559638023376},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.5273692607879639},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.5196170210838318},{"id":"https://openalex.org/C28719098","wikidata":"https://www.wikidata.org/wiki/Q44946","display_name":"Point (geometry)","level":2,"score":0.4981422424316406},{"id":"https://openalex.org/C2778652015","wikidata":"https://www.wikidata.org/wiki/Q7445019","display_name":"Security awareness","level":3,"score":0.4543241560459137},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.4384543299674988},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.37043601274490356},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.34813743829727173},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.3263697624206543},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.21638712286949158},{"id":"https://openalex.org/C97854310","wikidata":"https://www.wikidata.org/wiki/Q19541","display_name":"Search engine","level":2,"score":0.10003605484962463},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C194222762","wikidata":"https://www.wikidata.org/wiki/Q114486","display_name":"Query by Example","level":4,"score":0.0},{"id":"https://openalex.org/C164120249","wikidata":"https://www.wikidata.org/wiki/Q995982","display_name":"Web search query","level":3,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/spw54247.2022.9833858","is_oa":false,"landing_page_url":"https://doi.org/10.1109/spw54247.2022.9833858","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE Security and Privacy Workshops (SPW)","raw_type":"proceedings-article"},{"id":"pmh:oai:rke.abertay.ac.uk:openaire_cris_publications/6cfc29eb-7dfc-4285-924c-9fe1c6074d10","is_oa":true,"landing_page_url":"https://rke.abertay.ac.uk/en/publications/6cfc29eb-7dfc-4285-924c-9fe1c6074d10","pdf_url":null,"source":{"id":"https://openalex.org/S4306402526","display_name":"Abertay Research Portal (Abertay University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I877506347","host_organization_name":"Abertay University","host_organization_lineage":["https://openalex.org/I877506347"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"acceptedVersion","is_accepted":true,"is_published":false,"raw_source_name":"Sahin , M , \u00dcnl\u00fc , T , Hebert , C , Shepherd , L A , Coull , N &amp; McLean , C 2022 , Measuring developers\u2019 web security awareness from attack and defense perspectives . in L O'Conner (ed.) , 43rd IEEE Symposium on Security and Privacy Workshops, SPW 2022 : proceedings . , 9833858 , IEEE Security and Privacy Workshops , Piscataway, NJ , pp. 31-43 , Third Workshop of Designing Security for the Web , San Francisco , United States , 26/05/22 . https://doi.org/10.1109/SPW54247.2022.9833858","raw_type":"contributionToPeriodical"}],"best_oa_location":{"id":"pmh:oai:rke.abertay.ac.uk:openaire_cris_publications/6cfc29eb-7dfc-4285-924c-9fe1c6074d10","is_oa":true,"landing_page_url":"https://rke.abertay.ac.uk/en/publications/6cfc29eb-7dfc-4285-924c-9fe1c6074d10","pdf_url":null,"source":{"id":"https://openalex.org/S4306402526","display_name":"Abertay Research Portal (Abertay University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I877506347","host_organization_name":"Abertay University","host_organization_lineage":["https://openalex.org/I877506347"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"acceptedVersion","is_accepted":true,"is_published":false,"raw_source_name":"Sahin , M , \u00dcnl\u00fc , T , Hebert , C , Shepherd , L A , Coull , N &amp; McLean , C 2022 , Measuring developers\u2019 web security awareness from attack and defense perspectives . in L O'Conner (ed.) , 43rd IEEE Symposium on Security and Privacy Workshops, SPW 2022 : proceedings . , 9833858 , IEEE Security and Privacy Workshops , Piscataway, NJ , pp. 31-43 , Third Workshop of Designing Security for the Web , San Francisco , United States , 26/05/22 . https://doi.org/10.1109/SPW54247.2022.9833858","raw_type":"contributionToPeriodical"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.46000000834465027}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":30,"referenced_works":["https://openalex.org/W125279808","https://openalex.org/W1999436718","https://openalex.org/W2183348589","https://openalex.org/W2212216914","https://openalex.org/W2511044583","https://openalex.org/W2541261609","https://openalex.org/W2585818648","https://openalex.org/W2604400213","https://openalex.org/W2750778058","https://openalex.org/W2766667285","https://openalex.org/W2799202976","https://openalex.org/W2888959482","https://openalex.org/W2909425896","https://openalex.org/W2963762781","https://openalex.org/W2971162126","https://openalex.org/W3008836990","https://openalex.org/W3022792526","https://openalex.org/W3030213528","https://openalex.org/W3046819152","https://openalex.org/W3101007135","https://openalex.org/W3103824570","https://openalex.org/W3158912279","https://openalex.org/W3162923072","https://openalex.org/W3190536237","https://openalex.org/W3206830212","https://openalex.org/W3214939043","https://openalex.org/W6605031466","https://openalex.org/W6688229325","https://openalex.org/W6754277020","https://openalex.org/W6767466676"],"related_works":["https://openalex.org/W4256450364","https://openalex.org/W3092270246","https://openalex.org/W1968406821","https://openalex.org/W4492996","https://openalex.org/W2610725969","https://openalex.org/W3011173831","https://openalex.org/W2037704314","https://openalex.org/W4287884605","https://openalex.org/W2787553796","https://openalex.org/W2501929767"],"abstract_inverted_index":{"Web":[0],"applications":[1],"are":[2,92,127],"the":[3,25,32,48,81,86,100,131,167],"public-facing":[4],"components":[5],"of":[6,19,27,47,61,88,125,130,140,153,166],"information":[7],"systems,":[8],"which":[9],"makes":[10],"them":[11,41],"an":[12,141],"easy":[13],"entry":[14],"point":[15],"for":[16,40],"various":[17],"types":[18,87],"attacks.":[20],"While":[21],"it":[22,36],"is":[23],"often":[24,93],"responsibility":[26],"web":[28,62,118],"developers":[29,126],"to":[30,42,54,79,104,107,134],"implement":[31],"proper":[33],"security":[34,89],"controls,":[35],"remains":[37],"a":[38,44,59,77,98,116,150,163],"challenge":[39,102],"develop":[43],"good":[45],"understanding":[46],"whole":[49],"attack":[50,63,83,111,146,168],"surface.This":[51],"paper":[52],"aims":[53],"understand":[55,80],"developers\u2019":[56,145],"familiarity":[57],"with":[58],"number":[60],"and":[64,85,136,159],"defense":[65],"mechanisms.":[66],"In":[67],"particular,":[68],"we":[69,75,96],"conducted":[70],"two":[71],"different":[72],"experiments:":[73],"First,":[74],"employed":[76],"questionnaire":[78],"perceived":[82],"surface":[84],"controls":[90],"that":[91,122],"considered.":[94],"Second,":[95],"designed":[97],"Capture":[99],"Flag":[101],"aiming":[103],"push":[105],"participants":[106],"discover":[108],"as":[109,113,156],"many":[110],"points":[112],"possible":[114],"on":[115,149],"given":[117],"application.":[119],"We":[120],"found":[121],"one":[123],"third":[124],"not":[128],"aware":[129],"clients\u2019":[132],"ability":[133],"intercept":[135],"modify":[137],"all":[138],"parts":[139],"HTTP":[142],"request.":[143],"Moreover,":[144],"awareness":[147],"focuses":[148],"limited":[151],"set":[152],"attacks":[154],"(such":[155],"Cross-site":[157],"scripting":[158],"SQL":[160],"injection),":[161],"overlooking":[162],"large":[164],"part":[165],"surface.":[169]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":1}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}