XSS for the Masses: Integrating Security in a Web Programming Course using a Security Scanner

Bibliographic details
Title: XSS for the Masses: Integrating Security in a Web Programming Course using a Security Scanner
Authors: Lwin Khin Shar, Christopher M. Poskitt, Kyong Jin Shim, Li Ying Leonard Wong
Publication year: 2022
Subject terms: Software Engineering (cs.SE), FOS: Computer and information sciences, Computer Science - Computers and Society, Computer Science - Software Engineering, Computer Science - Cryptography and Security, Computers and Society (cs.CY), ComputingMilieux_COMPUTERSANDEDUCATION, Cryptography and Security (cs.CR)
Description: Cybersecurity education is considered an important part of undergraduate computing curricula, but many institutions teach it only in dedicated courses or tracks. This optionality risks students graduating with limited exposure to secure coding practices that are expected in industry. An alternative approach is to integrate cybersecurity concepts across non-security courses, so as to expose students to the interplay between security and other sub-areas of computing. In this paper, we report on our experience of applying the security integration approach to an undergraduate web programming course. In particular, we added a practical introduction to secure coding, which highlighted the OWASP Top 10 vulnerabilities by example, and demonstrated how to identify them using out-of-the-box security scanner tools (e.g. ZAP). Furthermore, we incentivised students to utilise these tools in their own course projects by offering bonus marks. To assess the impact of this intervention, we scanned students' project code over the last three years, finding a reduction in the number of vulnerabilities. Finally, in focus groups and a survey, students shared that our intervention helped to raise awareness, but they also highlighted the importance of grading incentives and the need to teach security content earlier.
Accepted by the 27th annual conference on Innovation and Technology in Computer Science Education (ITiCSE 2022)
Language: English
Access URL: https://explore.openaire.eu/search/publication?articleId=doi_dedup___::dd7c06676ee42ab8f93c8bc75f95f862
http://arxiv.org/abs/2204.12416
Rights: OPEN
Accession number: edsair.doi.dedup.....dd7c06676ee42ab8f93c8bc75f95f862
Database: OpenAIRE