Cybersecurity challenges: Serious games for awareness training in industrial environments
Awareness of cybersecurity topics, e.g., related to secure coding guidelines, enables software developers to write secure code. This awareness is vital in industrial environments for the products and services in critical infrastructures. In this work, we introduce and discuss a new serious game designed for software developers in the industry. This game addresses software developers’ needs and is shown to be well suited for raising secure coding awareness of software developers in the industry. Our work results from the experience of the authors gained in conducting more than ten CyberSecurity Challenges in the industry. The presented game design, which is shown to be well accepted by software developers, is a novel alternative to traditional classroom training. We hope to make a positive impact in the industry by improving the cybersecurity of products at their early production stages.
CyberSecurity Challenges: Serious Games for Awareness Training in Industrial Environments
Awareness of cybersecurity topics, e.g., related to secure coding guidelines,
enables software developers to write secure code. This awareness is vital in
industrial environments for the products and services in critical
infrastructures. In this work, we introduce and discuss a new serious game
designed for software developers in the industry. This game addresses software
developers' needs and is shown to be well suited for raising secure coding
awareness of software developers in the industry. Our work results from the
experience of the authors gained in conducting more than ten CyberSecurity
Challenges in the industry. The presented game design, which is shown to be
well accepted by software developers, is a novel alternative to traditional
classroom training. We hope to make a positive impact in the industry by
improving the cybersecurity of products at their early production stages.
Comment: Preprint accepted for publication at the 17. Deutscher
IT-Sicherheitskongress. arXiv admin note: substantial text overlap with
arXiv:2102.0534
Ranking Secure Coding Guidelines for Software Developer Awareness Training in the Industry
Secure coding guidelines are essential material used to train and raise awareness of software developers on the topic of secure software development. In industrial environments, since developer time is costly, and training and education is part of non-productive hours, it is important to address and stress the most important topics first. In this work, we devise a method, based on publicly available real-world vulnerability databases and secure coding guideline databases, to rank important secure coding guidelines based on defined industry-relevant metrics. The goal is to define priorities for a teaching curriculum on raising cybersecurity awareness of software developers on secure coding guidelines. Furthermore, we do a small comparison study by asking computer science students from university on how they rank the importance of secure coding guidelines and compare the outcome to our results.
Raising Security Awareness using Cybersecurity Challenges in Embedded Programming Courses
Security bugs are errors in code that, when exploited, can lead to serious
software vulnerabilities. These bugs could allow an attacker to take over an
application and steal information. One of the ways to address this issue is by
means of awareness training. The Sifu platform was developed in the industry,
for the industry, with the aim to raise software developers' awareness of
secure coding. This paper extends the Sifu platform with three challenges that
specifically address embedded programming courses, and describes how to
implement these challenges, while also evaluating the usefulness of these
challenges to raise security awareness in an academic setting. Our work
presents technical details on the detection mechanisms for software
vulnerabilities and gives practical advice on how to implement them. The
evaluation of the challenges is performed through two trial runs with a total
of 16 participants. Our preliminary results show that the challenges are
suitable for academia, and can even potentially be included in official
teaching curricula. One major finding is an indicator of the lack of awareness
of secure coding by undergraduates. Finally, we compare our results with
previous work done in the industry and extract advice for practitioners.
Comment: Preprint accepted for publication at the First International
Conference on Code Quality (ICCQ 2021)
CyberSecurity Challenges for Software Developer Awareness Training in Industrial Environments
Awareness of cybersecurity topics facilitates software developers to produce
secure code. This awareness is especially important in industrial environments
for the products and services in critical infrastructures. In this work, we
address how to raise awareness of software developers on the topic of secure
coding. We propose the "CyberSecurity Challenges", a serious game designed to
be used in an industrial environment and address software developers' needs.
Our work distils the experience gained in conducting these CyberSecurity
Challenges in an industrial setting. The main contributions are the design of
the CyberSecurity Challenges events, the analysis of the perceived benefits,
and practical advice for practitioners who wish to design or refine these
games.
Comment: Preprint accepted for publication at the 16th International
Conference on Wirtschaftsinformati
Raising security awareness using cybersecurity challenges in embedded programming courses
Security bugs are errors in code that, when exploited, can lead to serious software vulnerabilities. These bugs could allow an attacker to take over an application and steal information. One of the ways to address this issue is by means of awareness training. The Sifu platform was developed in the industry, for the industry, with the aim to raise software developers' awareness of secure coding. This paper extends the Sifu platform with three challenges that specifically address embedded programming courses, and describes how to implement these challenges, while also evaluating the usefulness of these challenges to raise security awareness in an academic setting. Our work presents technical details on the detection mechanisms for software vulnerabilities and gives practical advice on how to implement them. The evaluation of the challenges is performed through two trial runs with a total of 16 participants. Our preliminary results show that the challenges are suitable for academia, and can even potentially be included in official teaching curricula. One major finding is an indicator of the lack of awareness of secure coding by undergraduates. Finally, we compare our results with previous work done in the industry and extract advice for practitioners.
CyberSecurity challenges for software developer awareness training in industrial environments
Awareness of cybersecurity topics facilitates software developers to produce secure code. This awareness is especially important in industrial environments for the products and services in critical infrastructures. In this work, we address how to raise awareness of software developers on the topic of secure coding. We propose the “CyberSecurity Challenges”, a serious game designed to be used in an industrial environment and address software developers’ needs. Our work distills the experience gained in conducting these CyberSecurity Challenges in an industrial setting. The main contributions are the design of the CyberSecurity Challenges events, the analysis of the perceived benefits, and practical advice for practitioners who wish to design or refine these games.
Idea-caution before exploitation: the use of cybersecurity domain knowledge to educate software engineers against software vulnerabilities
The transfer of cybersecurity domain knowledge from security experts (‘Ethical Hackers’) to software engineers is discussed in terms of desirability and feasibility. Possible mechanisms for the transfer are critically examined. Software engineering methodologies do not make use of security domain knowledge in its form of vulnerability databases (e.g. CWE, CVE, Exploit DB), which are therefore not appropriate for this purpose. An approach based upon the improved use of pattern languages that encompasses security domain knowledge is proposed.
A serious game for teaching Java cybersecurity in the industry with an intelligent coach
Cybersecurity has been gaining more and more attention over the past years. Nowadays
we continue to see a rise in the number of known vulnerabilities and successful cyber-attacks.
Several studies show that one of the causes of these problems is the lack of awareness of software
developers. If software developers are not aware of how to write secure code they can
unknowingly add vulnerabilities to software. This research focuses on raising Java developers'
cybersecurity awareness by employing a serious game type of approach. Our artifact, the
Java Cybersecurity Challenges, consists of programming exercises that intend to give software
developers hands-on experience with security-related vulnerabilities in the Java programming
language. Our designed solution includes an intelligent coach that aims at helping players understand
the vulnerabilities and solve the challenges. The present research was conducted using
the Action Design Research methodology. This methodology allowed us to reach a useful solution,
to the encountered problem, by applying an iterative development approach. Our results
show that the developed final artifact is a good method to answer the defined problem and
has been accepted and incorporated in an industry training program. This work contributes to
researchers and practitioners through a detailed description on the implementation of an automatic
code analysis and feedback process to evaluate the security level of the Java Cybersecurity
Challenges.
Cybersecurity has been gaining importance in recent years. Nowadays, we continue
to see an increase in the number of known vulnerabilities and successful
cyber-attacks. Several studies show that one of the causes of these problems is
software developers' lack of security awareness. By not being aware of
how to write secure code, developers can unknowingly add vulnerabilities to
software. This study focuses on raising the cybersecurity awareness of Java
software developers through an approach based on serious games.
Our artifact, the Java Cybersecurity Challenges, consists of programming exercises
intended to give software developers practical experience with security-related vulnerabilities in the Java programming language. The developed solution
includes an intelligent coach that aims to help players understand the vulnerabilities
and solve the exercises. This research was carried out using the
Action Design Research methodology. This methodology allowed us to reach a useful solution to the
problem encountered by applying an iterative development approach. Our results
show that the developed artifact is a good method for addressing the defined
problem and that it has been accepted and incorporated into an industry training program. This work contributes
to researchers and practitioners through a detailed description of the implementation of
an automatic code analysis and feedback process for evaluating the security level of the
Java Cybersecurity Challenges.
- …