4 research outputs found

    Teaching Security in Introductory C-Programming Courses

    The challenges in the age of digitalization demand that universities qualify their computer science and engineering graduates well with respect to IT Security (information technology security). In engineering education such lectures are often offered only as an elective subject. We propose to teach security aspects with respect to robustness and correctness already in the introductory programming course and therefore to cover at least parts of the overall field of IT Security as a compulsory subject for all students. The paper describes the integration of some rules and recommendations from the SEI CERT C Coding Standard into our introductory C programming course and discusses our experience with the course over the last two years with respect to its contents, realization, evaluation and examination.

    Pawelczak, D. (2020). Teaching Security in Introductory C-Programming Courses. In 6th International Conference on Higher Education Advances (HEAd'20). Editorial Universitat Politècnica de València. (30-05-2020):595-603. https://doi.org/10.4995/HEAd20.2020.11114

    Static Analysis of Android Secure Application Development Process with FindSecurityBugs

    Mobile devices have been growing more and more powerful in recent decades, evolving from a simple device for SMS messages and phone calls to a smart device that can install third party apps. People are becoming more heavily reliant on their mobile devices. Due to this increase in usage, security threats to mobile applications are also growing explosively. Mobile app flaws and security defects can provide opportunities for hackers to break into them and access sensitive information. Defensive coding needs to be an integral part of coding practices to improve the security of our code. We need to consider data protection earlier, to verify security early in the development lifecycle, rather than fixing the security holes after malicious attacks and data leaks take place. Early elimination of known security vulnerabilities will help us increase the security of our software, reduce the vulnerabilities in the programs, and mitigate the consequences and damage caused by potential malicious attacks. However, many software developer professionals lack the necessary security knowledge and skills at the development stage, and secure mobile software development is not yet well represented in most schools' computing curriculum. In this paper, we present a static security analysis approach with the FindSecurityBugs plugin for Android secure mobile software development based on OWASP mobile security recommendations to promote secure mobile software development education and meet the emerging industrial and educational needs.

    Secure coding intention via protection motivation theory based survey

    Abstract. According to studies, programming skills are obtained by a large number of persons, but most of them lack the ability to produce secure software. This statement reflects the essence of this thesis and provides a direction to problem solving. The focus of this study is research into the possibility of using a questionnaire prepared with the use of protection motivation theory (PMT) to provide an indication of software developers' intention towards secure programming techniques. This study answers the following research question: Can secure programming intention be aroused with a PMT questionnaire? The questionnaire consists of three categories: background, awareness/knowledge and PMT questions. Background questions are used to identify the focus group. Awareness and knowledge questions are used to provide secure coding information, which is reflected by cognitive thinking via PMT questions. The questionnaire was built as a web survey and distributed via a professional social network. The questionnaire uses a focused subject group working in micro and small enterprises (<50 employees). The study results are analysed against PMT components to validate focus group selection as a correct choice. Survey findings, analysed in a qualitative manner (partly in quantitative), indicate that the majority of subjects created intention towards studying or using secure coding techniques. The focus group PMT analysis results show that in each PMT section, at least over half indicated a positive response to it. These results will provide a deeper research direction for how to promote secure coding.

    A Survey on Developer-Centred Security
