A Course Module On Application Logic Flaws

Software security is extremely important, and even thoroughly tested code may still have exploitable vulnerabilities. Some of these vulnerabilities are caused by logic flaws. Due to the nature of application or business logic, few automated tools can test for these types of security issues. Therefore, it is important for students to learn how to reduce the number of logic flaws when developing software, and how to test for them manually. A course module with a case study was created to teach students about this topic. Case-based teaching methods are used because it allows students to better apply learned skills to real world industrial settings, and there is a lack of case studies available for current software engineering curriculum. The course module includes an introduction, a quiz on the reading, an animated PowerPoint about the case, and a set of discussion questions. The introduction covers what logic flaws are, reducing logic flaws during software development, and how to test for them manually. The case is about eCommerce merchant software Bigcommerce using PayPal Express to collect payment. A flaw lets attackers complete an expensive order using the payment intended for a cheaper order. An animation was created to trace the HTTP interactions and back-end code representing the steps of the exploit from this case, and explain the manual testing method used to discover the exploit. A set of discussion questions has students apply this method to similar code, to find potential vulnerabilities and then fix them. This course module was taught in COMP 727 Secure Software Engineering at North Carolina A&T State University in the Spring 2015 semester. A pre-survey and post-survey on the learning objectives shows students felt they improved their knowledge and skills relating to application logic flaws. A quiz based on the reading shows students understood the material. The quality of student discussions was very high. Discussion question results were graded using a rubric, and three-quarters of the class received an 85% grade or higher. Overall, this case study was effective at teaching students about application logic flaws. It will be made available to other universities, and can be easily integrated into existing curriculum

Python Coding amongst Undergraduate Student Teachers in a Nigeria Post-Secondary Institution: An Exploratory Study

This study explored coding errors, determined how preservice teachers in Obafemi Awolowo University (OAU) debugged coding error and investigated reasons for the errors. This was with an intention to assess preservice teachers learning and understanding of python programming in OAU. The study adopted exploratory research design with the population of all undergraduate students in Faculty of Education in OAU. Out of the population, 10 preservice teachers were interviewed to understand the nature of the study. The interviews were audio recorded, transcribed and thematically analysed. The study findings revealed four major errors committed in python programming by student teachers in the university. The finding further categorized approaches adopted by the students in debugging python programming errors into seven. Amongst these seven, ‘help from friends and internet’ were predominant while the least was ‘doing it again’. The undergraduate students’ teachers advanced six reasons for the errors often faced while learning programming. The paper concluded that undergraduate student teachers confront errors while learning python programming. It was strongly recommended that the pedagogy of computer programming should be taught inhouse to improve programming learning among undergraduate student teachers

Collaborative Growth Toward Discovery: Becoming Stronger through Change

The radical act of replacing a traditional OPAC and ILS with a hosted library services platform (LSP) and web-scale discovery (WSD) system creates the impetus for libraries to rethink core workflows and practices. Both of these tools have the potential to greatly improve access to library collections and enhance user experience, but only if the implementation is a collaborative effort between different stakeholders, technical experts and subject librarians, grounded in a thoughtful selection process that emphasizes user needs. Furthermore, because this model removes the traditional OPAC, subject librarians must take on the challenge of understanding the tool and work as partners with backend technical experts as well as the vendor so that they are not left out of providing research assistance as algorithms replace some traditional library skills. Grounded in the literature of collaborative learning and librarian attitudes towards discovery systems, this chapter describe the process of creating a culture of collaboration centered on user needs. Such a model is central to the process of evaluation and implementation of a LSP and a WSD service, particularly in the context of a university with multiple campuses and diverse users. We established a well-structured collaboration model from the systems evaluation phase, and continued to apply the model to the implementation phase. In 2010, the initial solution was to keep a traditional OPAC, and implement WorldCat Local as article discovery tool while doing in-depth user studies and gathering feedback from subject librarians to create a data-driven decision making habit. In 2014, we determined that Alma and Primo should replace the current Voyager ILS and WorldCat Local. The implementation process started in January 2015 and will go live in July 2015. The chapter will share the journey of creating a collaborative model and implementing unified resource management and discovery

Debugging: The Key to Unlocking the Mind of a Novice Programmer?

Novice programmers must master two skills to show lasting success: writing code and, when that fails, the ability to debug it. Instructors spend much time teaching the details of writing code but debugging gets significantly less attention. But what if teaching debugging could implicitly teach other aspects of coding better than teaching a language teaching debugging? This paper explores a new theoretical framework, the Theory of Applied Mind for Programming (TAMP), which merges dual process theory with Jerome Bruner’s theory of representations to model the mind of a programmer. TAMP looks to provide greater explanatory power in why novices struggle and suggest pedagogy to bridge gaps in learning. This paper will provide an example of this by reinterpreting debugging literature using TAMP as a theoretical guide. Incorporating new view theoretical viewpoints from old studies suggests a “debugging-first” pedagogy can supplement existing methods of teaching programming and perhaps fill some of the mental gaps TAMP suggests hamper novice programmers

eXtended Reality for Education and Training

L'abstract è presente nell'allegato / the abstract is in the attachmen