Security testing challenges of web developers in the Lagos, Nigeria IT industry.
Ajayi, Moyinoluwa Ibukunoluwa.
MetadataShow full item record
Web applications are instrumental for businesses. Due to the susceptible nature of the internet, which is their main operating environment, many vulnerabilities that compromise web applications are constantly reported. Despite these vulnerabilities, there is a huge pressure on web development teams to build applications to meet business demands. This leads to compromise in the quality and security testing process integrated into the development life cycle. Related studies have revealed that although there are many frameworks and tools to support Security testing, many of these developed frameworks and tools are often poorly adopted and are thus found ineffective. Studies have also revealed that in Nigeria, a huge amount of money is lost annually to software importation from foreign countries due to the low quality of indigenously-developed applications in the Information Technology industry. This study investigates the practice of security testing among web development teams in the Information Technology industry in Lagos in Nigeria, and the factors that affect its actual usage. Three companies were randomly selected for the study, and both quantitative and qualitative research methods were used. A conceptual framework adapted from the technology acceptance model was used to guide the data collection instruments. The quantitative research method involved statistical analysis of eighty-two responses to the closed-ended Likert-type questionnaire. The qualitative research method involved using the data obtained from the interviews conducted with eight industry experts. Findings from the study revealed three basic approaches to security testing used by web development teams in Lagos, Nigeria. Perceived usefulness, perceived ease of use and behavioural intention were significant constructs of the conceptual framework that predict the use of security testing among web developers in Lagos, Nigeria. Factors found to affect the effective usage of security testing techniques were human resources, project constraints, and ethical and compliance factors. To improve the usage of security testing, more awareness, training and technical support are required for development teams. Furthermore, ethical and compliance policies need to be provided by regulatory bodies in the industry to guide the security testing process for teams. Project timelines should also be made flexible to give room for adequate security testing implementation in the Software development life cycle.