Secure coding for web applications: Frameworks, challenges, and the role of LLMs

📅 2025-07-29
📈 Citations: 0
Influential: 0
📄 PDF

career value

164K/year
🤖 AI Summary
This study addresses the low industrial adoption of secure web application coding practices by systematically analyzing organizational, educational, and technical barriers. Methodologically, it develops a structured threat classification framework grounded in OWASP Top 10, integrating DevSecOps and cloud security contexts; conducts a comparative analysis of secure coding practices across mainstream web frameworks; and—novelly—empirically evaluates large language models (LLMs) on vulnerability detection and secure code generation for four critical vulnerability classes: SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and insecure deserialization. The approach combines systematic literature review, threat modeling, framework-level comparative analysis, and LLM-driven empirical evaluation. Results demonstrate LLMs’ measurable efficacy—and clear limitations—in automated vulnerability identification and remediation suggestion. The work delivers an integrable, intelligent secure coding assistance framework, offering practitioners, educators, and researchers actionable insights to enhance secure development efficiency and inform future AI-augmented security tooling.

Technology Category

Application Category

📝 Abstract
Secure coding is a critical yet often overlooked practice in software development. Despite extensive awareness efforts, real-world adoption remains inconsistent due to organizational, educational, and technical barriers. This paper provides a comprehensive review of secure coding practices across major frameworks and domains, including web development, DevSecOps, and cloud security. It introduces a structured framework comparison and categorizes threats aligned with the OWASP Top 10. Additionally, we explore the rising role of Large Language Models (LLMs) in evaluating and recommending secure code, presenting a reproducible case study across four major vulnerability types. This paper offers practical insights for researchers, developers, and educators on integrating secure coding into real-world development processes.
Problem

Research questions and friction points this paper is trying to address.

Analyzing secure coding adoption barriers in web development
Comparing frameworks and threats for secure coding practices
Evaluating LLMs' role in detecting and suggesting secure code
Innovation

Methods, ideas, or system contributions that make the work stand out.

Structured framework comparison for secure coding
Categorizes threats aligned with OWASP Top 10
LLMs for evaluating and recommending secure code