A Study on Written Communication About Client-Side Web Security

Part of the Lecture Notes in Networks and Systems book series (LNNS, volume 647)

Abstract

Today, web services are widely used by ordinary people with little technical know-how. End-user cybersecurity in web applications has become an essential aspect to consider in web development. One important part of online cybersecurity is the HTTPS protocol, which encrypts the web traffic between endpoints. This paper explores how the relevant end-user cybersecurity instructions are communicated to users. Using text-focused analysis, we study and assess the cybersecurity instructions that online banks and browser vendors provide with regard to HTTPS. We find that the security benefits of HTTPS are often exaggerated and can give users a false sense of security.

Keywords

  • HTTPS
  • web application security
  • cybersecurity education
  • security guidance

Notes

  1. https://tools.ietf.org/html/rfc2818.

  2. https://w3techs.com/technologies/details/ce-httpsdefault.

  3. https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html.

  4. https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode.

  5. https://www.eff.org/https-everywhere.

  6. Popularity of browsers fetched from Kinsta at https://kinsta.com/browser-market-share/ on 5th of March, 2021.

  7. https://support.google.com/chrome/answer/95617.

  8. https://help.opera.com/en/latest/security-and-privacy/.

Author information

Corresponding author

Correspondence to Sampsa Rauti.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Rauti, S., Laato, S., Farooq, A. (2023). A Study on Written Communication About Client-Side Web Security. In: Abraham, A., Hong, TP., Kotecha, K., Ma, K., Manghirmalani Mishra, P., Gandhi, N. (eds) Hybrid Intelligent Systems. HIS 2022. Lecture Notes in Networks and Systems, vol 647. Springer, Cham. https://doi.org/10.1007/978-3-031-27409-1_106