XSS for the Masses: Integrating Security in a Web Programming Course using a Security Scanner
- URL: http://arxiv.org/abs/2204.12416v1
- Date: Tue, 26 Apr 2022 16:20:36 GMT
- Title: XSS for the Masses: Integrating Security in a Web Programming Course using a Security Scanner
- Authors: Lwin Khin Shar, Christopher M. Poskitt, Kyong Jin Shim, Li Ying Leonard Wong
- Abstract summary: Cybersecurity education is an important part of undergraduate computing curricula. Many institutions teach it only in dedicated courses or tracks. An alternative approach is to integrate cybersecurity concepts across non-security courses.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Cybersecurity education is considered an important part of undergraduate computing curricula, but many institutions teach it only in dedicated courses or tracks. This optionality risks students graduating with limited exposure to secure coding practices that are expected in industry. An alternative approach is to integrate cybersecurity concepts across non-security courses, so as to expose students to the interplay between security and other sub-areas of computing. In this paper, we report on our experience of applying the security integration approach to an undergraduate web programming course. In particular, we added a practical introduction to secure coding, which highlighted the OWASP Top 10 vulnerabilities by example, and demonstrated how to identify them using out-of-the-box security scanner tools (e.g. ZAP). Furthermore, we incentivised students to utilise these tools in their own course projects by offering bonus marks. To assess the impact of this intervention, we scanned students' project code over the last three years, finding a reduction in the number of vulnerabilities. Finally, in focus groups and a survey, students shared that our intervention helped to raise awareness, but they also highlighted the importance of grading incentives and the need to teach security content earlier.
Related papers
- Global Challenge for Safe and Secure LLMs Track 1 (2024-11-21)
  This paper introduces the Global Challenge for Safe and Secure Large Language Models (LLMs), a pioneering initiative organized by AI Singapore (AISG) and the CyberSG R&D Programme Office (CRPO) to foster the development of advanced defense mechanisms against automated jailbreaking attacks.
- Rethinking the Vulnerabilities of Face Recognition Systems: From a Practical Perspective (2024-05-21)
  Face Recognition Systems (FRS) have increasingly been integrated into critical applications, including surveillance and user authentication. Recent studies have revealed vulnerabilities in FRS to adversarial attacks (e.g., adversarial patch attacks) and backdoor attacks (e.g., training data poisoning).
- Using Real-world Bug Bounty Programs in Secure Coding Course: Experience Report (2024-04-18)
  Training new cybersecurity professionals is a challenging task due to the broad scope of the area. We propose a solution: integrating a real-world bug bounty programme into the cybersecurity curriculum. We let students choose to participate in a bug bounty programme as an option for the semester assignment in a secure coding course.
- Software Repositories and Machine Learning Research in Cyber Security (2023-11-01)
  The integration of robust cyber security defenses has become essential across all phases of software development. Attempts have been made to leverage topic modeling and machine learning for the detection of these early-stage vulnerabilities in the software requirements process.
- Cybersecurity as a Crosscutting Concept Across an Undergrad Computer Science Curriculum: An Experience Report (2023-10-11)
  We advocate integrating cybersecurity as a crosscutting concept in Computer Science curricula. The security education was incorporated within CS courses using a partnership between the responsible course instructor and a security expert. We conducted a post-course survey to collect student perceptions, and semi-supervised interviews with responsible course instructors and the security expert to gauge their experience.
- Teaching DevOps Security Education with Hands-on Labware: Automated Detection of Security Weakness in Python (2023-08-14)
  We introduce hands-on learning modules that enable learners to become familiar with identifying known security weaknesses. To cultivate an engaging and motivating learning environment, our hands-on approach includes pre-lab, hands-on, and post-lab sections.
- Want to Raise Cybersecurity Awareness? Start with Future IT Professionals (2023-07-14)
  Our university designed an innovative cybersecurity awareness course that is freely available online for students, employees, and the general public. The course offers simple, actionable steps that anyone can use to implement defensive countermeasures. To measure the course impact, we administered it to 138 computer science undergraduates within a compulsory information security and cryptography course.
- Graph Mining for Cybersecurity: A Survey (2023-04-02)
  The explosive growth of cyber attacks nowadays, such as malware, spam, and intrusions, has caused severe consequences for society. Traditional Machine Learning (ML) based methods are extensively used in detecting cyber threats, but they hardly model the correlations between real-world cyber entities. With the proliferation of graph mining techniques, many researchers have investigated these techniques for capturing correlations between cyber entities and achieving high performance.
- Learning Barrier Certificates: Towards Safe Reinforcement Learning with Zero Training-time Violations (2021-08-04)
  This paper explores the possibility of safe RL algorithms with zero training-time safety violations. We propose an algorithm, Co-trained Barrier Certificate for Safe RL (CRABS), which iteratively learns barrier certificates, dynamics models, and policies.
- Dos and Don'ts of Machine Learning in Computer Security (2020-10-19)
  Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance. We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems. We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
- Adversarial Machine Learning Attacks and Defense Methods in the Cyber Security Domain (2020-07-05)
  This paper summarizes the latest research on adversarial attacks against security solutions based on machine learning techniques. It is the first to discuss the unique challenges of implementing end-to-end adversarial attacks in the cyber security domain.