
2020 | OriginalPaper | Book chapter

A Framework for Integrating Secure Coding Principles into Undergraduate Programming Curricula

Written by: Sandile Ngwenya, Lynn Futcher

Published in: ICT Education

Publisher: Springer International Publishing


Abstract

The rise of the use of the internet has led to significant growth in software applications for conducting business, entertainment and socialising, which in turn has led to a higher rate of attacks on software applications. This problem has led to industry requiring software developers skilled in developing software in a secure manner. The problem that industry faces is that many software development graduates do not have the requisite knowledge in secure programming. Academia should thus address these needs of industry by integrating secure coding principles into undergraduate programming curricula. In South Africa, however, this is often not formally done. This paper suggests some secure coding principles that could be integrated into programming curricula, together with various integration approaches and related challenges. It presents a framework for integrating secure coding principles into undergraduate programming curricula to ensure the formal planning and ‘buy-in’ of academic staff at all levels. The purpose of the framework is to guide computing faculties about ‘what’ secure coding principles to teach and ‘where’ to teach them.


Footnotes
1
Less hierarchic models of academic organisation are known in the universities of other countries where the professors of a discipline constitute a ‘subject group’ without a formal director. Nonetheless, our curricular proposals can be implemented by such collaborative professorial ‘subject groups’ as well.
 
Metadata
Title
A Framework for Integrating Secure Coding Principles into Undergraduate Programming Curricula
Written by
Sandile Ngwenya
Lynn Futcher
Copyright year
2020
DOI
https://doi.org/10.1007/978-3-030-35629-3_4
