English

A Survey of Web Application Security Tutorials

Cryptography and Security 2026-03-24 v1 Software Engineering

Abstract

Developers rely on online tutorials to learn web application security, but tutorial quality varies. We reviewed 132 free security tutorials to examine topic coverage, authorship, and technical depth. Our analysis shows that most tutorials come from vendors and emphasize high-level explanations over concrete implementation guidance. Few tutorials provide complete runnable code examples or direct links to authoritative security resources such as the Open Web Application Security Project (OWASP), Common Weakness Enumeration (CWE), or Common Vulnerabilities and Exposures (CVE). We found that two visible signals help identify more useful tutorials: the presence of runnable code and direct links to official resources. These signals can help developers distinguish broad awareness material from tutorials that better support secure implementation.

Keywords

Cite

@article{arxiv.2603.21556,
  title  = {A Survey of Web Application Security Tutorials},
  author = {Bhagya Chembakottu and Martin P. Robillard},
  journal= {arXiv preprint arXiv:2603.21556},
  year   = {2026}
}
R2 v1 2026-07-01T11:32:41.954Z