Using Real-world Bug Bounty Programs in Secure Coding Course: Experience Report
- URL: http://arxiv.org/abs/2404.12043v1
- Date: Thu, 18 Apr 2024 09:53:49 GMT
- Title: Using Real-world Bug Bounty Programs in Secure Coding Course: Experience Report
- Authors: Kamil Malinka, Anton Firc, Pavel Loutocký, Jakub Vostoupal, Andrej Krištofík, František Kasl
- Abstract summary: Training new cybersecurity professionals is a challenging task due to the broad scope of the area.
We propose a solution: integrating a real-world bug bounty programme into cybersecurity curriculum.
We let students choose to participate in a bug bounty programme as an option for the semester assignment in a secure coding course.
- Score: 1.099532646524593
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: To keep up with the growing number of cyber-attacks and associated threats, there is an ever-increasing demand for cybersecurity professionals and new methods and technologies. Training new cybersecurity professionals is a challenging task due to the broad scope of the area. One particular field where there is a shortage of experts is Ethical Hacking. Due to its complexity, it often faces educational constraints. Recognizing these challenges, we propose a solution: integrating a real-world bug bounty programme into cybersecurity curriculum. This innovative approach aims to fill the gap in practical cybersecurity education and also brings additional positive benefits. To evaluate our idea, we include the proposed solution to a secure coding course for IT-oriented faculty. We let students choose to participate in a bug bounty programme as an option for the semester assignment in a secure coding course. We then collected responses from the students to evaluate the outcomes (improved skills, reported vulnerabilities, a better relationship with security, etc.). Evaluation of the assignment showed that students enjoyed solving such real-world problems, could find real vulnerabilities, and that it helped raise their skills and cybersecurity awareness. Participation in real bug bounty programmes also positively affects the security level of the tested products. We also discuss the potential risks of this approach and how to mitigate them.
Related papers
- A Case Study in Gamification for a Cybersecurity Education Program: A Game for Cryptography [0.0]
Gamification offers an innovative approach to provide practical hands-on experiences.
This paper presents a real-world case study of a gamified cryptography teaching tool.
arXiv Detail & Related papers (2025-02-10T17:36:46Z)
- Open Problems in Machine Unlearning for AI Safety [61.43515658834902]
Machine unlearning -- the ability to selectively forget or suppress specific types of knowledge -- has shown promise for privacy and data removal tasks.
In this paper, we identify key limitations that prevent unlearning from serving as a comprehensive solution for AI safety.
arXiv Detail & Related papers (2025-01-09T03:59:10Z)
- Applications of Positive Unlabeled (PU) and Negative Unlabeled (NU) Learning in Cybersecurity [0.0]
This paper explores the relatively underexplored application of Positive Unlabeled (PU) Learning and Negative Unlabeled (NU) Learning in the cybersecurity domain.
The paper identifies key areas of cybersecurity--such as intrusion detection, vulnerability management, malware detection, and threat intelligence--where PU/NU learning can offer significant improvements.
We propose future directions to advance the integration of PU/NU learning in cybersecurity, offering solutions that can better detect, manage, and mitigate emerging cyber threats.
arXiv Detail & Related papers (2024-12-09T04:55:10Z)
- Attack Atlas: A Practitioner's Perspective on Challenges and Pitfalls in Red Teaming GenAI [52.138044013005]
generative AI, particularly large language models (LLMs), become increasingly integrated into production applications.
New attack surfaces and vulnerabilities emerge and put a focus on adversarial threats in natural language and multi-modal systems.
Red-teaming has gained importance in proactively identifying weaknesses in these systems, while blue-teaming works to protect against such adversarial attacks.
This work aims to bridge the gap between academic insights and practical security measures for the protection of generative AI systems.
arXiv Detail & Related papers (2024-09-23T10:18:10Z)
- Rethinking the Vulnerabilities of Face Recognition Systems: From a Practical Perspective [53.24281798458074]
Face Recognition Systems (FRS) have increasingly integrated into critical applications, including surveillance and user authentication.
Recent studies have revealed vulnerabilities in FRS to adversarial (e.g., adversarial patch attacks) and backdoor attacks (e.g., training data poisoning).
arXiv Detail & Related papers (2024-05-21T13:34:23Z)
- Teaching DevOps Security Education with Hands-on Labware: Automated Detection of Security Weakness in Python [4.280051038571455]
We introduce hands-on learning modules that enable learners to be familiar with identifying known security weaknesses.
To cultivate an engaging and motivating learning environment, our hands-on approach includes a pre-lab, hands-on and post lab sections.
arXiv Detail & Related papers (2023-08-14T16:09:05Z)
- Want to Raise Cybersecurity Awareness? Start with Future IT Professionals [0.4893345190925178]
Our university designed an innovative cybersecurity awareness course that is freely available online for students, employees, and the general public.
The course offers simple, actionable steps that anyone can use to implement defensive countermeasures.
To measure the course impact, we administered it to 138 computer science undergraduates within a compulsory information security and cryptography course.
arXiv Detail & Related papers (2023-07-14T20:07:27Z)
- XSS for the Masses: Integrating Security in a Web Programming Course using a Security Scanner [3.387494280613737]
Cybersecurity education is an important part of undergraduate computing curricula.
Many institutions teach it only in dedicated courses or tracks.
An alternative approach is to integrate cybersecurity concepts across non-security courses.
arXiv Detail & Related papers (2022-04-26T16:20:36Z)
- Proceedings of the Artificial Intelligence for Cyber Security (AICS) Workshop at AAAI 2022 [55.573187938617636]
The workshop will focus on the application of AI to problems in cyber security.
Cyber systems generate large volumes of data, utilizing this effectively is beyond human capabilities.
arXiv Detail & Related papers (2022-02-28T18:27:41Z)
- Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance.
We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems.
We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
arXiv Detail & Related papers (2020-10-19T13:09:31Z)
- Adversarial Machine Learning Attacks and Defense Methods in the Cyber Security Domain [58.30296637276011]
This paper summarizes the latest research on adversarial attacks against security solutions based on machine learning techniques.
It is the first to discuss the unique challenges of implementing end-to-end adversarial attacks in the cyber security domain.
arXiv Detail & Related papers (2020-07-05T18:22:40Z)
This list is automatically generated from the titles and abstracts of the papers in this site.