Secure coding for web applications: Frameworks, challenges, and the role of LLMs
Kiana Kiashemshaki, Mohammad Jalili Torkamani, Negin Mahmoudi

TL;DR
This paper reviews secure coding practices in web applications, compares frameworks, discusses challenges, and explores how Large Language Models can assist in identifying and recommending secure code solutions.
Contribution
It provides a structured comparison of secure coding frameworks, categorizes threats, and investigates the application of LLMs in vulnerability detection and secure code recommendation.
Findings
In the paper's case study, LLMs evaluated code samples and proposed secure replacements for each of the four vulnerability types examined.
A structured comparison of secure coding frameworks makes it easier to see where practices overlap and where they diverge.
The case study suggests LLMs can improve secure coding in real-world development scenarios, within the limits of the four vulnerability types it covers.
Abstract
Secure coding is a critical yet often overlooked practice in software development. Despite extensive awareness efforts, real-world adoption remains inconsistent due to organizational, educational, and technical barriers. This paper provides a comprehensive review of secure coding practices across major frameworks and domains, including web development, DevSecOps, and cloud security. It introduces a structured framework comparison and categorizes threats aligned with the OWASP Top 10. Additionally, we explore the rising role of Large Language Models (LLMs) in evaluating and recommending secure code, presenting a reproducible case study across four major vulnerability types. This paper offers practical insights for researchers, developers, and educators on integrating secure coding into real-world development processes.
