We believe security is a main concern in web development, as the resources that constitute a web application can potentially be accessed by many users over untrusted networks.
To help with this, the Java EE framework gives developers the means to specify access-control policies that ensure the confidentiality and integrity of the resources exposed by web applications.
We have prepared a short survey to shed some light on 1) the importance of security aspects according to Java web developers, 2) how they define and use the access-control mechanisms to manage them, and 3) the main security properties they consider when doing so.
The survey is anonymous, comprises 16 questions and takes no more than 10 minutes. It is addressed to anyone with some experience in Java-based web development. The results of the survey will be made publicly available on this blog in the following months.
Help us (the researchers) to help you by answering the survey, so that we can then target our security analysis algorithms to what you need! (Feel free to check what we have done so far for the security analysis of firewall configurations, databases or CMSs.)