{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,11]],"date-time":"2026-02-11T00:06:13Z","timestamp":1770768373681,"version":"3.50.0"},"publisher-location":"Cham","reference-count":27,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031783852","type":"print"},{"value":"9783031783869","type":"electronic"}],"license":[{"start":{"date-parts":[[2024,11,27]],"date-time":"2024-11-27T00:00:00Z","timestamp":1732665600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,11,27]],"date-time":"2024-11-27T00:00:00Z","timestamp":1732665600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-78386-9_9","type":"book-chapter","created":{"date-parts":[[2024,12,1]],"date-time":"2024-12-01T16:44:30Z","timestamp":1733071470000},"page":"123-138","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Guidelines for\u00a0Supporting Software Engineers in\u00a0Developing Secure Web Applications"],"prefix":"10.1007","author":[{"given":"Klara","family":"Svensson","sequence":"first","affiliation":[]},{"given":"Drake","family":"Axelrod","sequence":"additional","affiliation":[]},{"given":"Mazen","family":"Mohamad","sequence":"additional","affiliation":[]},{"given":"Rebekka","family":"Wohlrab","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,11,27]]},"reference":[{"key":"9_CR1","doi-asserted-by":"crossref","unstructured":"Acar, Y., Stransky, C., Wermke, D., Weir, C., Mazurek, M.L., Fahl, S.: Developers need support, too: a survey of security advice 
for software developers. In: SecDev, pp. 22\u201326. IEEE (2017)","DOI":"10.1109\/SecDev.2017.17"},{"key":"9_CR2","doi-asserted-by":"crossref","unstructured":"Akbar, M.A., Smolander, K., Mahmood, S., Alsanad, A.: Toward successful DevSecOps in software development organizations: a decision-making framework. Inf. Softw. Technol. 147 (2022)","DOI":"10.1016\/j.infsof.2022.106894"},{"key":"9_CR3","doi-asserted-by":"crossref","unstructured":"Assal, H., Chiasson, S.: Think secure from the beginning: a survey with software developers. In: CHI 2019, pp. 1\u201313 (2019)","DOI":"10.1145\/3290605.3300519"},{"issue":"11","key":"9_CR4","first-page":"38","volume":"4","author":"DS Battina","year":"2017","unstructured":"Battina, D.S.: Best practices for ensuring security in Devops: a case study approach. Int. J. Innov. Eng. Res. Technol. 4(11), 38\u201345 (2017)","journal-title":"Int. J. Innov. Eng. Res. Technol."},{"key":"9_CR5","unstructured":"Strom, B.E., Applebaum, A., et al.: MITRE ATT&CK: design and Philosophy. The MITRE Corporation, Tech. rep. (2018)"},{"key":"9_CR6","doi-asserted-by":"publisher","unstructured":"Easterbrook, S., Singer, J., Storey, M.A., Damian, D.: Selecting Empirical Methods for Software Engineering Research, pp. 285\u2013311. Springer London (2008). https:\/\/doi.org\/10.1007\/978-1-84800-044-5_11","DOI":"10.1007\/978-1-84800-044-5_11"},{"key":"9_CR7","unstructured":"Ellison, R.J., Goodenough, J.B., Weinstock, C.B., Woody, C.: Evaluating and mitigating software supply chain security risks. Tech. Rep. CMU\/SEI-2010-TN-016 (2010)"},{"key":"9_CR8","doi-asserted-by":"crossref","unstructured":"Espinha\u00a0Gasiba, T., Beckers, K., Suppan, S., Rezabek, F.: On the requirements for serious games geared towards software developers in the industry. In: RE 2019, pp. 
286\u2013296 (2019)","DOI":"10.1109\/RE.2019.00038"},{"key":"9_CR9","doi-asserted-by":"crossref","unstructured":"Futcher, L.: SecSDM: a model for integrating security into the software development life cycle. In: 5th World Conference on Information Security Education, pp. 41\u201348 (2007)","DOI":"10.1007\/978-0-387-73269-5_6"},{"key":"9_CR10","doi-asserted-by":"crossref","unstructured":"Gasiba, T., Lechner, U., Albuquerque, M., Fernandez, D.: Awareness of secure coding guidelines in the industry - a first data analysis. In: TrustCom, pp. 345\u2013352 (2020)","DOI":"10.1109\/TrustCom50675.2020.00055"},{"key":"9_CR11","doi-asserted-by":"crossref","unstructured":"Gasiba, T., Lechner, U., Pinto-Albuquerque, M.: CyberSecurity challenges for software developer awareness training in industrial environments. In: Innovation Through Information Systems, pp. 370\u2013387 (2021)","DOI":"10.1007\/978-3-030-86797-3_25"},{"key":"9_CR12","doi-asserted-by":"publisher","first-page":"75","DOI":"10.2307\/25148625","volume":"28","author":"AR Hevner","year":"2004","unstructured":"Hevner, A.R., March, S.T., Park, J., Ram, S.: Design science in information systems research. MIS Q. 28, 75 (2004)","journal-title":"MIS Q."},{"key":"9_CR13","doi-asserted-by":"crossref","unstructured":"Kalhoro, S., Rehman, M., Ponnusamy, V., Shaikh, F.B.: Extracting key factors of cyber hygiene behaviour among software engineers: a systematic literature review. IEEE Access 9 (2021)","DOI":"10.1109\/ACCESS.2021.3097144"},{"key":"9_CR14","doi-asserted-by":"crossref","unstructured":"Kumar, S., Mahajan, R., Kumar, N., Khatri, S.K.: A study on web application security and detecting security vulnerabilities. In: ICRITO, pp. 451\u2013455 (2017)","DOI":"10.1109\/ICRITO.2017.8342469"},{"key":"9_CR15","doi-asserted-by":"crossref","unstructured":"Larsen, K.R., et al.: Validity in design science research. In: Designing for Digital Transformation. 
Co-Creating Services with Citizens and Industry (2020)","DOI":"10.1007\/978-3-030-64823-7_25"},{"key":"9_CR16","unstructured":"Myagmar, S., Lee, A.J., Yurcik, W.: Threat Modeling as a Basis for Security Requirements. University of Pittsburgh (2005)"},{"issue":"1","key":"9_CR17","doi-asserted-by":"publisher","first-page":"9","DOI":"10.1186\/s13635-019-0092-4","volume":"2019","author":"FD Nembhard","year":"2019","unstructured":"Nembhard, F.D., Carvalho, M.M., Eskridge, T.C.: Towards the application of recommender systems to secure coding. EURASIP J. Inf. Secur. 2019(1), 9 (2019)","journal-title":"EURASIP J. Inf. Secur."},{"issue":"12","key":"9_CR18","first-page":"669","volume":"9","author":"DY Perwej","year":"2021","unstructured":"Perwej, D.Y., Abbas, S.Q., Dixit, J.P., Akhtar, D.N., Jaiswal, A.K.: A systematic literature review on the cyber security. Int. J. Sci. Res. Manag. 9(12), 669 (2021)","journal-title":"Int. J. Sci. Res. Manag."},{"key":"9_CR19","doi-asserted-by":"crossref","unstructured":"Petranovi\u0107, T., \u017dari\u0107, N.: Effectiveness of using OWASP TOP 10 as AppSec standard. In: IT, pp.\u00a01\u20134 (Feb 2023)","DOI":"10.1109\/IT57431.2023.10078626"},{"key":"9_CR20","doi-asserted-by":"crossref","unstructured":"Rangnau, T., v.\u00a0Buijtenen, R., Fransen, F., Turkmen, F.: Continuous security testing: a case study on integrating dynamic security testing tools in CI\/CD pipelines. In: EDOC, pp. 145\u2013154 (2020)","DOI":"10.1109\/EDOC49727.2020.00026"},{"key":"9_CR21","unstructured":"Rastogi, A., Nygard, K.: Cybersecurity practices from a software engineering perspective. In: SERP (2017)"},{"key":"9_CR22","doi-asserted-by":"crossref","unstructured":"Siderova, A., Daneva, M., Bukhsh, F.A., Arachchige, J.J.: Security approaches in model-driven engineering for web applications: the state-of-the-art in the last 10 years. In: RE Workshops, pp. 
155\u2013163 (2024)","DOI":"10.1109\/REW61692.2024.00026"},{"key":"9_CR23","doi-asserted-by":"crossref","unstructured":"Strandberg, P.E.: Ethical Interviews in Software Engineering. In: ESEM 2019, pp. 1\u201311 (2019)","DOI":"10.1109\/ESEM.2019.8870192"},{"key":"9_CR24","doi-asserted-by":"crossref","unstructured":"Tahaei, M., Vaniea, K.: A survey on developer-centred security. In: EuroS&PW, pp. 129\u2013138. IEEE (2019)","DOI":"10.1109\/EuroSPW.2019.00021"},{"key":"9_CR25","doi-asserted-by":"crossref","unstructured":"T\u00f3th, R., Bisztray, T., Erdodi, L.: LLMs in web-development: evaluating LLM-generated PHP code unveiling vulnerabilities and limitations. In: SAFECOMP Workshops (2024)","DOI":"10.1007\/978-3-031-68738-9_34"},{"key":"9_CR26","doi-asserted-by":"crossref","unstructured":"Weir, C., Becker, I., Blair, L.: A passion for security: intervening to help software developers. In: ICSE-SEIP, pp. 21\u201330. IEEE (2021)","DOI":"10.1109\/ICSE-SEIP52600.2021.00011"},{"key":"9_CR27","doi-asserted-by":"crossref","unstructured":"Wicks, D.: The Coding Manual for Qualitative Researchers (3rd edition). Qual. Res. Organ. Manag. 
12(2), 169\u2013170 (2017)","DOI":"10.1108\/QROM-08-2016-1408"}],"container-title":["Lecture Notes in Computer Science","Product-Focused Software Process Improvement"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-78386-9_9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,12,1]],"date-time":"2024-12-01T17:02:55Z","timestamp":1733072575000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-78386-9_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,11,27]]},"ISBN":["9783031783852","9783031783869"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-78386-9_9","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,11,27]]},"assertion":[{"value":"27 November 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"PROFES","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Product-Focused Software Process Improvement","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Tartu","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Estonia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2 December 
2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 December 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"profes2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/conf.researchr.org\/home\/profes-2024","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}