Abstract:
As higher education institutions (HEIs) increasingly rely on web-based platforms for academic, administrative, and communication purposes, they face growing exposure to cybersecurity threats that endanger data integrity and institutional operations. In Sri Lankan state universities, this digital shift has revealed significant vulnerabilities, including limited user awareness, weak technical safeguards, and inadequate institutional support. This study examines the current state of web application security within Sri Lankan HEIs through a comprehensive assessment of staff awareness, security practices, organizational support, and technical measures. A mixed-method approach was used, combining document analysis of global and local cybersecurity frameworks, a staff survey, and expert validation to develop a context-specific security guideline. Findings show that although cybersecurity awareness among staff is moderate to high, it does not consistently lead to secure behavior or effective technical implementation. Additionally, gaps in institutional policies, leadership involvement, and resource allocation hinder sustainable security practices. To address these issues, a tailored security guideline was developed and presented as a web-based application, integrating international best practices with local needs. Validated by domain experts, the proposed framework provides practical direction for strengthening web application security, promoting awareness, and building long-term cybersecurity resilience across the higher education sector in Sri Lanka.