Investigating attack-aware web applications - developer attack-awareness survey results

This is the dataset that accompanies the chapter in Tolga Ünlü's PhD thesis titled "Questionnaire-based Survey on Developers’ Attack-Awareness".

Additionally, a subset of the data was presented in the following manuscript: Sahin, M., Ünlü, T., Hébert, C., Shepherd, L.A., Coull, N. and Mc Lean, C., 2022, May. Measuring developers’ web security awareness from attack and defense perspectives. In 2022 IEEE Security and Privacy Workshops (SPW) (pp. 31-43). IEEE

A Questionnaire-based survey was conducted, including three sections of questions covering demographics, participants familiarity with security controls, especially input validation controls, whether they understand attack attempts and what part of a HTTP request is under a clients’ control. A scenario was provided to evaluate the participants’ awareness of attack attempts indicated by input validation failures. The participants’ responses have been analysed to understand how various aspects of input validation controls (e.g., the type of validations performed, the parts of a HTTP request that are validated) are considered which can impact how and whether developers can integrate attack-awareness capabilities.