Cluster Analysis of Security Threats in Web Applications: A Multiphase SDLC Analysis
Author(s) -
Nawaz Shah,
Yaseen Muhammad,
Rahman Gohar,
Saeed Jasim
Publication year - 2025
Publication title -
journal of software: evolution and process
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.371
H-Index - 29
eISSN - 2047-7481
pISSN - 2047-7473
DOI - 10.1002/smr.70055
ABSTRACT Security threats in web applications have increasingly become a major concern, particularly as modern web systems grow more complex and interconnected. Addressing these security challenges requires a comprehensive understanding of how threats are distributed across the phases of the software development life cycle (SDLC) and how the various threat categories map to specific SDLC stages. Despite significant research into software security, a systematic and structured review of the hierarchical relationships between SDLC phases, security threat categories, and specific threats remains scarce. This paper aims to fill that gap by conducting a clustering-based systematic review of security threats in web applications. Using data from the existing literature on software security threats, we applied hierarchical clustering, K-means analysis, and co-occurrence mapping to identify relationships between SDLC phases (Level 1), security threat categories (Level 2), and specific security threats (Level 3). The findings show that the development phase presents the highest risk, most of all from threats such as weaknesses in architectural security design and input validation issues. Using the clustering techniques, we showed that some threats appear in more than one SDLC stage and classified each within the threat category most closely associated with that stage. On this basis, we propose recommendations for software development process stakeholders that allow more consistent threat mitigation strategies to be applied across the entire SDLC. These observations lead us to conclude that there is an acute deficiency in the development of globally applicable software security measures for web applications to control future security threats.