Can gamification help to teach Cybersecurity?

Over the last decade, there has been an increase in the number of attacks on web applications. The proliferation of these attacks is partially a result of increased adoption of IT systems in organisations and the increasing role digital technologies play in our lives. The success of an attack relies upon the existence of vulnerabilities in the code base and there is consensus within literature that many of these vulnerabilities can be avoided through developers adopting secure code practices and standards which are often not formally taught.Whilst gamification has been shown to be an effective educational tool in fields such as health, education and security awareness, there is a scarcity of research regarding the application of gamification in the context of secure code practices. This paper evaluates the efficacy of a bespoke gamified application in creating awareness and fostering an understanding of the threats and secure coding practices. The application presented in this work focuses on JavaScript with the aim of reducing the number of vulnerabilities in web applications. The analysis is conducted using first and second-year undergraduate participants, who are viewed as the primary target for this software.As part of a participant study involving the application, it was found that gamification elements were effective in increasing user engagement. Initial findings suggest potential for the integration of secure-code gamification in traditional pedagogical methods, but further investigation is required to strengthen this claim.