Development of Tailored Security Guidelines and Strategies to Improve Web Application Security in Sri Lankan State Universities

Abstract

As higher education institutions (HEIs) increasingly rely on web-based platforms for aca demic, administrative, and communication purposes, they face growing exposure to cybersecurity threats that endanger data integrity and institutional op erations. In Sri Lankan state universities, this digi tal shift has revealed significant vulnerabilities, in cluding limited user awareness, weak technical safe guards, and inadequate institutional support. This study examines the current state of web application security within Sri Lankan HEIs through a compre hensive assessment of staff awareness, security prac tices, organizational support, and technical measures. A mixed-method approach was used, combining doc ument analysis of global and local cybersecurity frameworks, a staff survey, and expert validation to develop a context-specific security guideline. Find ings show that although cybersecurity awareness among staff is moderate to high, it does not consis tently lead to secure behavior or effective technical implementation. Additionally, gaps in institutional policies, leadership involvement, and resource al location hinder sustainable security practices. To address these issues, a tailored security guideline was developed and presented as a web-based ap plication, integrating international best practices with local needs. Validated by domain experts, the proposed framework provides practical direction for strengthening web application security, promoting awareness, and building long-term cybersecurity re silience across the higher education sector in Sri Lanka.