Play to secure: gamified platform for secure web development
Date
2026-01
Journal Title
Journal ISSN
Volume Title
Publisher
BRAC University
Abstract
Novice developers often focus on quick progress and fast learning at the intermediary
stage of web development, commonly disregarding the security aspects that
need to be considered. Many are not aware of key concepts such as input validation,
parameterized queries, and access control, which have adverse consequences such as
leakage of confidential information and loss of reputation. To explore this further, we
conducted 32 semi-structured interviews of Bangladeshi developers at novice, mid,
and senior levels working across both large and small enterprises. The interviews
were then transcribed, coded, and analysed using thematic analysis. Our interview
findings include several themes: developers frequently make tradeoffs between functionality
and security, code reviews are vital in ensuring safe coding practices, and,
while in the learning process, security concepts need to be taught in an effective and
motivating manner. We have developed and designed a narrative-based gamified
learning platform using the Octalysis framework to improve learning motivation.
The platform promotes security awareness and embeds security as a fundamental
competency alongside development skills. The learning content is structured around
seven common web security attacks, presented as progressive challenges within the
game narrative. The gamified solution was evaluated through the application of the
MEEGA+ model with a sample size of 30 participants. The IRT analysis classified
the gamified platform as GOOD QUALITY with a mean θ score of 60.11 (42.5 ≤ θ
< 65). This shows that the gamified solution successfully meets the requirement for
an effective and motivating security education for novice developers.
Description
Cataloged from PDF version of thesis.
Includes bibliographical references (pages 132-138).
This thesis is submitted in partial fulfillment of the requirements for the degree of Bachelor of Science in Computer Science and Engineering, 2026.
Includes bibliographical references (pages 132-138).
This thesis is submitted in partial fulfillment of the requirements for the degree of Bachelor of Science in Computer Science and Engineering, 2026.
Keywords
Dom clobbering, Clickjacking, Gamification, Octalysis, MEEGA+
