Play to secure: gamified platform for secure web development

dc.contributor.advisorChowdhury, Farida
dc.contributor.authorChowdhury, Inan Karim
dc.contributor.authorMimu, Mimia Mozammel
dc.contributor.authorSal-Sabil
dc.contributor.authorMullick, Ayaz Elahi
dc.contributor.authorChowdhury, Faiyaz Ahmed
dc.date.accessioned2026-04-22T05:08:40Z
dc.date.available2026-04-22T05:08:40Z
dc.date.issued2026-01
dc.descriptionCataloged from PDF version of thesis.
dc.descriptionIncludes bibliographical references (pages 132-138).
dc.descriptionThis thesis is submitted in partial fulfillment of the requirements for the degree of Bachelor of Science in Computer Science and Engineering, 2026.
dc.description.abstractNovice developers often focus on quick progress and fast learning at the intermediary stage of web development, commonly disregarding the security aspects that need to be considered. Many are not aware of key concepts such as input validation, parameterized queries, and access control, which have adverse consequences such as leakage of confidential information and loss of reputation. To explore this further, we conducted 32 semi-structured interviews of Bangladeshi developers at novice, mid, and senior levels working across both large and small enterprises. The interviews were then transcribed, coded, and analysed using thematic analysis. Our interview findings include several themes: developers frequently make tradeoffs between functionality and security, code reviews are vital in ensuring safe coding practices, and, while in the learning process, security concepts need to be taught in an effective and motivating manner. We have developed and designed a narrative-based gamified learning platform using the Octalysis framework to improve learning motivation. The platform promotes security awareness and embeds security as a fundamental competency alongside development skills. The learning content is structured around seven common web security attacks, presented as progressive challenges within the game narrative. The gamified solution was evaluated through the application of the MEEGA+ model with a sample size of 30 participants. The IRT analysis classified the gamified platform as GOOD QUALITY with a mean θ score of 60.11 (42.5 ≤ θ < 65). This shows that the gamified solution successfully meets the requirement for an effective and motivating security education for novice developers.
dc.identifier.otherID 22101377
dc.identifier.otherID 22101088
dc.identifier.otherID 22101376
dc.identifier.otherID 22101069
dc.identifier.otherID 22101848
dc.identifier.otherhttps://dspace.bracu.ac.bd/server/api/core/items/25ee147b-e857-455d-9dd0-9a674256a6f0
dc.identifier.urihttp://hdl.handle.net/10361/28015
dc.language.isoen
dc.publisherBRAC University
dc.sourceBRAC University Institutional Repository
dc.subjectDom clobbering
dc.subjectClickjacking
dc.subjectGamification
dc.subjectOctalysis
dc.subjectMEEGA+
dc.titlePlay to secure: gamified platform for secure web development
dc.typeThesis

Files

Original bundle

Now showing 1 - 1 of 1
Thumbnail Image
Name:
22101377, 22101088, 22101376, 22101069, 22101848_CSE.pdf
Size:
21.95 MB
Format:
Adobe Portable Document Format