Projektarbeit Developer Centered Security

Students can send a short exposé (about two pages) as an application to the supervisor who is working on similar topics. Students can apply with their own Ideas, and we will publish a list of potential topics soon. Deadline for application is 02.10.2023.

Stefan Horstmann (he/him) (LINK)

Stefan supervises projects on the topic of Developer Centered Security with a focus on Privacy and Privacy by Design.

Test Usability of Privacy Guidelines for Developers

With privacy laws like the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA), software developers are expected to develop software in accordance with those laws. However, as most developers are not privacy experts, governments and security organizations often publish guidelines, common risks, and advice for software developers to guide them during the programming process [1]. It is, however, unclear if those information sources are well known to developers and formulated in an understandable way [2]. Your tasks in this lab would be to compare the information publicly available for developers, comparing them, and create a study to test their usability.


[1] Accessed: September 2023

[2] Senarath, Awanthika, and Nalin AG Arachchilage. „Why developers cannot embed privacy into software systems? An empirical investigation.“ Proceedings of the 22nd International Conference on Evaluation and Assessment in Software Engineering 2018. 2018.

Houda Naji (she/her) (LINK)

Houda supervises projects on the topic of Developer Centered Security with a focus on software developers and security. She investigates how software developers deal with security topics within an organization.

Raphael Serafini (he/him) (LINK)

Raphael supervises projects with a focus on the influence of study factors on the willingness of software developers to participate in developer studies. In addition, he is investigating the differences between professional and non-professional software developers in terms of security awareness and skill and other factors.

Exploring Perceptions of Resource Requirements in Secure Programming – Questionnaire Development and Pilot Study

Objective: Your task is to design a questionnaire focused on exploring how individuals perceive resource requirements in secure programming compared to functional programming.
Key Responsibilities:
  1. Questionnaire Development: Develop a questionnaire that assesses participants‘ perceptions, attitudes, and self-assessment related to secure programming versus functional programming.
  2. Questionnaire Pilot Testing: Pilot the questionnaire with a small group of developers to assess its clarity, relevance, and effectiveness. Suggest necessary revisions based on the pilot results.
  3. Data Analysis: Analyze the pilot study results, even if they are limited, to gain preliminary insights into participants‘ perceptions. Summarize your findings in a brief report.
  4. Documentation: Provide documentation explaining the rationale behind each question in the questionnaire and how they relate to the research objectives.

Asli Yardim (she/they) (LINK)

Asli supervises projects on the topic of Developer Centered Security with a focus on security and Security by Design.

Further info on the Projektarbeit:

Die Projektarbeit wird jedes Wintersemester im Master IT-Sicherheit angeboten. Die Projektarbeit kann ein Pfilchtpraktikum ersetzen.

Lernziele (Learning Outcomes)

Methodik zur Benutzbarkeitanalyse von Anwendungsschnittstellen anwenden sowie Labor- und Onlinestudien mit Softwareentwicklern und Administratoren durchführen können. Sichere und benutzerfreundliche Anwendungsschnittstellen entwickeln und beurteilen können.


Das Forschungspraktikum ermöglicht Studenten das angeeignete Wissen aus der gleichnamigen Vorlesung, die im SS angeboten wird, in eigenen Projekten umzusetzen.


Projektarbeit, studienbegleitend.


Erstellen einer wissenschaftlichen Ausarbeitung und das Halten eines Vortrages.


  • Green, Matthew, and Matthew Smith. „Developers are Not the Enemy!: The Need for Usable Security APIs.“ IEEE Security & Privacy 14.5 (2016): 40-46.
  • Naiakshina, Alena, et al. „On Conducting Security Developer Studies with CS Students: Examining a Password-Storage Study with CS Students, Freelancers, and Company Developers.“ Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems. 2020.
  • Danilova, Anastasia, et al. „Do you really code? Designing and Evaluating Screening Questions for Online Surveys with Programmers.“ 2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE). IEEE, 2021.