Open Access

ARTICLE

Secure Development Methodology for Full Stack Web Applications: Proof of the Methodology Applied to Vue.js, Spring Boot and MySQL

Kevin Santiago Rey Rodriguez, Julián David Avellaneda Galindo, Josep Tárrega Juan, Juan Ramón Bermejo Higuera^*, Javier Bermejo Higuera, Juan Antonio Sicilia Montalvo

School of Engineering and Technology, International University of La Rioja, Avda. de La Paz, 137, Logroño, 26006, La Rioja, Spain

* Corresponding Author: Juan Ramón Bermejo Higuera. Email:

Computers, Materials & Continua 2025, 85(1), 1807-1858. https://doi.org/10.32604/cmc.2025.067127

Received 25 April 2025; Accepted 17 July 2025; Issue published 29 August 2025

Abstract

In today’s rapidly evolving digital landscape, web application security has become paramount as organizations face increasingly sophisticated cyber threats. This work presents a comprehensive methodology for implementing robust security measures in modern web applications and the proof of the Methodology applied to Vue.js, Spring Boot, and MySQL architecture. The proposed approach addresses critical security challenges through a multi-layered framework that encompasses essential security dimensions including multi-factor authentication, fine-grained authorization controls, sophisticated session management, data confidentiality and integrity protection, secure logging mechanisms, comprehensive error handling, high availability strategies, advanced input validation, and security headers implementation. Significant contributions are made to the field of web application security. First, a detailed catalogue of security requirements specifically tailored to protect web applications against contemporary threats, backed by rigorous analysis and industry best practices. Second, the methodology is validated through a carefully designed proof-of-concept implementation in a controlled environment, demonstrating the practical effectiveness of the security measures. The validation process employs cutting-edge static and dynamic analysis tools for comprehensive dependency validation and vulnerability detection, ensuring robust security coverage. The validation results confirm the prevention and avoidance of security vulnerabilities of the methodology. A key innovation of this work is the seamless integration of DevSecOps practices throughout the secure Software Development Life Cycle (SSDLC), creating a security-first mindset from initial design to deployment. By combining proactive secure coding practices with defensive security approaches, a framework is established that not only strengthens application security but also fosters a culture of security awareness within development teams. This hybrid approach ensures that security considerations are woven into every aspect of the development process, rather than being treated as an afterthought.

---

Keywords

---