Security and computer forensics in web engineering education

The integration of security and forensics into Web Engineering curricula is imperative! Poor security in web-based applications is continuing to cost organizations millions and the losses are still increasing annually. Security is frequently taught as a stand-alone course, assuming that security can be 'bolted on' to a web application at some point. Security issues must be integrated into Web Engineering processes right from the beginning to create secure solutions and therefore security should be an integral part of a Web Engineering curriculum. One aspect of Computer forensics investigates failures in security. Hence, students should be aware of the issues in forensics and how to respond when security failures occur; collecting evidence is particularly difficult for Web-based applications

Gamifying Cybersecurity Course Content for Entry Level Students

The growing shortage of skilled professionals in cybersecurity and forensics has increased global demand for information systems professionals. In an effort to identify and attract more students to cybersecurity and forensics programs, the authors developed a game engine along with a GUI-based game creator to generate a sequence of entertaining, engaging, and educational games, suitable for forensics and cybersecurity courses. This multi-partner project is funded in part by the National Science Foundation under Award DUE-1400567. This paper introduces the design and development of a browser-based educational game framework using game-based learning approach. Several digital forensic games will be introduced to demonstrate how students will conduct forensic investigation by following narrative and storylines of the game via interactive dialogs and using real tools and technologies. The GUI-based game creator allows educators to create and develop new educational games in any subject field by only focusing on game content

A Novel Framework to Teach Hands-on Laboratory Exercises in Blockchains

With the growing demand for blockchain developers there are few hands-on labs/ modules available for training current students, the future developer professionals. Our goal is to develop series of hands-on labs that would address every application of blockchain and thus provide practical tools to educate Cybersecurity professionals and equip them to address the cyber security in blockchain. The labs developed will be a part of a new Cyber Security educational framework. There will be a modularized approach to the lab development, to focus development on the skills for each aspect of blockchain and app. The labs will also include integration of all the aspects of blockchain, along with its application. This approach will help students to systematically learn and comprehend the fundamental concepts. The labs would be built based on real-life scenarios, to enhance their ability to understand and solve real-life cybersecurity problems. This integrated approach would expose the students to the cost to risk involved at each stage of the blockchain application, arming them with required information to educate the management

Crafting a Degree, Empowering Students, Securing a Nation: The Creation of a Modern Cyber Security Degree for the 21st Century

To create the next generation of skilled university graduates that would help in filling the national need for cybersecurity, digital forensics, and mobile computing professionals, a team of minority/under-represented graduate students, the University Upward Bound Program (a federally funded program and part of the U.S. Department of Education; one of 967 programs nationwide) staff, and faculty from the Computer Science (CS) department got together and proposed a focused 10-week long funded summer camp for two local high schools with the following objectives: 1. Provide graduate students to instruct in the areas of` mobile application development, forensics and cyber Security 2. Provide CS one-on-one mentors for students while conducting their work-based learning experience in Computer Science 3. Assign hands-on interdisciplinary projects that emphasize the importance of STEM fields when using and developing software applications. 4. Promote and develop soft skills among participants including leadership, communications skills, and teamwork. 5. The proposal was funded, and the summer camps were conducted in the summer of 2019 with participation of more than 40 students from two local high schools. 6. The paper will present our efforts in each of the above areas: 7. The criteria/application/selection of high school student based on interest and needs. 8. The criteria/specification for purchased equipment 9. The selection and hiring of graduate students as instructors who can not only teach, but also serve as role models for the incoming students. 10. The development of course material into two parts: foundational material required by everyone, and specialized material where the student selects his/her area of interest. Presented results will show how the summer-camps benefited the students through the focused instruction given by graduate students, and how the students gained valuable knowledge and problem-solving skills in certain STEM fields. 11. The mentorship provided by the CS faculty to the instructors and the students through scheduled visits and agile approach for the software projects assigned. 12. The development of soft skills: how the planned social activities helped in honing the students software skills and allowed them to interact with people from all over the world (through faculty mentorship, conference attendance, project presentation), and prepared them academically and socially for their upcoming university experience. By presenting our study, we hope that other institutions who are considering summer camps can benefit from our experience by adopting best practices while avoiding pitfall

Web Based Cyber Forensics Training For Law Enforcement

Training and education are two of the most important aspects within cyber forensics. These topics have been of concern since the inception of the field. Training law enforcement is particularly important to ensure proper execution of the digital forensics process. It is also important because the proliferation of technology in to society continues to grow at an exponential rate. Just as technology is used for good there are those that will choose to use it for criminal gains. It is critical that Law Enforcement have the tools and training in cyber forensics. This research looked to determine if web based training was a feasible platform for cyber forensics training. A group of Indiana State Police Troopers were asked to participate in an online study where they were presented cyber forensics training material. That study showed that there was statistical significance between the treatment groups and the control group. The results from the study showed that web based training is an effective means to train a large group of law enforcement officers

The zombies strike back: Towards client-side beef detection

A web browser is an application that comes bundled with every consumer operating system, including both desktop and mobile platforms. A modern web browser is complex software that has access to system-level features, includes various plugins and requires the availability of an Internet connection. Like any multifaceted software products, web browsers are prone to numerous vulnerabilities. Exploitation of these vulnerabilities can result in destructive consequences ranging from identity theft to network infrastructure damage. BeEF, the Browser Exploitation Framework, allows taking advantage of these vulnerabilities to launch a diverse range of readily available attacks from within the browser context. Existing defensive approaches aimed at hardening network perimeters and detecting common threats based on traffic analysis have not been found successful in the context of BeEF detection. This paper presents a proof-of-concept approach to BeEF detection in its own operating environment – the web browser – based on global context monitoring, abstract syntax tree fingerprinting and real-time network traffic analysis