4 research outputs found

    Secure Coding in Five Steps

    Software vulnerabilities have become a severe cybersecurity issue. There are numerous resources of industry best practices available, but it is still challenging to effectively teach secure coding practices. The resources are not designed for classroom usage because the amount of information is overwhelming for students. There are efforts in academia to introduce secure coding components into computer science curriculum, but a big gap between industry best practices and workforce skills still exists. Unlike many existing efforts, we focus on both the big picture of secure coding and hands-on projects. To achieve these two goals, we present five learning steps that we have been revising over the last four years. Our evaluation shows that the approach reduces complexity and encourages students to use secure coding practice in their future projects.

    Gamifying Software Security Education and Training via Secure Coding Duels in Code Hunt

    Sophistication and flexibility of software development make it easy to leave security vulnerabilities in software applications for attackers. It is critical to educate and train software engineers to avoid introducing vulnerabilities in software applications in the first place such as adopting secure coding mechanisms and conducting security testing. A number of websites provide training grounds to train people's hacking skills, which are highly related to security testing skills, and train people's secure coding skills. However, there exists no interactive gaming platform for instilling gaming aspects into the education and training of secure coding. To address this issue, we propose to construct secure coding duels in Code Hunt, a high-impact serious gaming platform released by Microsoft Research. In Code Hunt, a coding duel consists of two code segments: a secret code segment and a player-visible code segment. To solve a coding duel, a player iteratively modifies the player-visible code segment to match the functional behaviors of the secret code segment. During the duel-solving process, the player is given clues as a set of automatically generated test cases to characterize sample functional behaviors of the secret code segment. The game aspect in Code Hunt is to recognize a pattern from the test cases, and to re-engineer the player-visible code segment to exhibit the expected behaviors. Secure coding duels proposed in this work are coding duels that are carefully designed to train players' secure coding skills, such as sufficient input validation and access control.

    How Could Serious Games Support Secure Programming? Designing a Study Replication and Intervention

    While developing and deploying software continue to be more broadly accessible, so is the problem caused by these systems' security not being considered enough by their developers and maintainers. We propose to address this developer-centred security issue with serious games (games for which entertainment is not the main purpose) as a means to motivate developers to consider security threats when developing. We have developed a serious game around secure and non-secure programming exercises to investigate if serious gamification helps to improve attitudes or ability with secure programming. We detail the design choices of the game and how it relates to the programming tasks. In particular we present the design choices we made with the intention to replicate a prior study and discuss the tension that arose between replication and intervention. We discuss the results of a pilot study we conducted and present the steps we plan to take going forward into larger studies.

    Software Engineering Education and Games: A Systematic Literature Review

    The trend in using games in elementary level education also spreads through higher education levels and specific domains such as engineering. Recently, researchers have shown an increased interest in the usage of games in software engineering. In this paper, we are presenting a systematic review and analysis of 350 papers regarding games in software engineering education that were published in the last fifteen years. After applying our inclusion criteria and manual inspection of these studies, we have ended up with 53 primary papers. Based on a systematic process, we reported and discussed our findings with possible future research directions. The main results of this study indicate that the studies are accumulated around 5 categories: games that learners/students play, games that learners/students develop as projects, curriculum proposals, developing/coming up with new approaches, tools, frameworks or suggestions, and others.