A Survey of Web Application Security Tutorials
Bhagya Chembakottu, Martin P. Robillard

TL;DR
This survey reviews 132 web application security tutorials, highlighting their focus, quality, and usefulness, and identifies signals like runnable code and official links that indicate more practical and reliable tutorials.
Contribution
It provides a comprehensive analysis of tutorial content, authorship, and quality, and proposes indicators to help developers find more effective security tutorials.
Findings
Most tutorials are vendor-authored and high-level.
Few tutorials include runnable code or official resource links.
Presence of runnable code and official links signals higher quality.
Abstract
Developers rely on online tutorials to learn web application security, but tutorial quality varies. We reviewed 132 free security tutorials to examine topic coverage, authorship, and technical depth. Our analysis shows that most tutorials come from vendors and emphasize high-level explanations over concrete implementation guidance. Few tutorials provide complete runnable code examples or direct links to authoritative security resources such as the Open Web Application Security Project (OWASP), Common Weakness Enumeration (CWE), or Common Vulnerabilities and Exposures (CVE). We found that two visible signals help identify more useful tutorials: the presence of runnable code and direct links to official resources. These signals can help developers distinguish broad awareness material from tutorials that better support secure implementation.
Taxonomy
Topics: Web Application Security Vulnerabilities · Digital Accessibility for Disabilities · Information and Cyber Security
