🤖 AI Summary
This study addresses the low industrial adoption of secure web application coding practices by systematically analyzing organizational, educational, and technical barriers. Methodologically, it develops a structured threat classification framework grounded in OWASP Top 10, integrating DevSecOps and cloud security contexts; conducts a comparative analysis of secure coding practices across mainstream web frameworks; and—novelly—empirically evaluates large language models (LLMs) on vulnerability detection and secure code generation for four critical vulnerability classes: SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and insecure deserialization. The approach combines systematic literature review, threat modeling, framework-level comparative analysis, and LLM-driven empirical evaluation. Results demonstrate LLMs’ measurable efficacy—and clear limitations—in automated vulnerability identification and remediation suggestion. The work delivers an integrable, intelligent secure coding assistance framework, offering practitioners, educators, and researchers actionable insights to enhance secure development efficiency and inform future AI-augmented security tooling.
📝 Abstract
Secure coding is a critical yet often overlooked practice in software development. Despite extensive awareness efforts, real-world adoption remains inconsistent due to organizational, educational, and technical barriers. This paper provides a comprehensive review of secure coding practices across major frameworks and domains, including web development, DevSecOps, and cloud security. It introduces a structured framework comparison and categorizes threats aligned with the OWASP Top 10. Additionally, we explore the rising role of Large Language Models (LLMs) in evaluating and recommending secure code, presenting a reproducible case study across four major vulnerability types. This paper offers practical insights for researchers, developers, and educators on integrating secure coding into real-world development processes.