Tutorial: A Lightweight Web Application for Software Vulnerability Demonstration

David Lee, Brandon Steed, Yi Liu, Onyeka Ezenwoye

Research output: Chapter in Book/Report/Conference proceedingConference contribution

4 Scopus citations


In cybersecurity education, it is critical to introduce students to security concepts and keep them aware of common software security weaknesses. However, the effectiveness of delivering such knowledge is complicated by the lack of practical security content and a case study that embeds contemporary security vulnerabilities for education.In this tutorial, we propose to introduce the participants to common web application vulnerabilities using a novel lightweight application case study that demonstrates software security weaknesses in a practical manner. With this tutorial, we will facilitate discussion about ways to expose students to security weaknesses, how to mitigate software vulnerabilities through secure software design and coding practices, as well as share ideas on how to improve the case study application.This three-part tutorial will first introduce the National Vulnerability Database. In addition, we will discuss the Common Weakness Enumeration and the relationship between vulnerabilities and weaknesses. We will then illustrate how the database is used to derive the common web application weaknesses. The second part of the tutorial will demonstrate the lightweight web application as a case study to illustrate the most common web application weaknesses. The participants will be guided on how to download and use the web application. This will include practical exercises of how to activate the built-in vulnerabilities that expose the common security weaknesses. Lastly, we will facilitate a discussion on the efficacy of the case study as a means for practical software vulnerability demonstration for education with a view on ways to enhance the case study.

Original languageEnglish (US)
Title of host publicationProceedings - 2021 IEEE Secure Development Conference, SecDev 2021
PublisherInstitute of Electrical and Electronics Engineers Inc.
Number of pages2
ISBN (Electronic)9781665431705
StatePublished - 2021
Event2021 IEEE Secure Development Conference, SecDev 2021 - Virtual, Online, United States
Duration: Oct 18 2021Oct 20 2021

Publication series

NameProceedings - 2021 IEEE Secure Development Conference, SecDev 2021


Conference2021 IEEE Secure Development Conference, SecDev 2021
Country/TerritoryUnited States
CityVirtual, Online


  • Vulnerability
  • Weakness
  • Web Application

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Software
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality


Dive into the research topics of 'Tutorial: A Lightweight Web Application for Software Vulnerability Demonstration'. Together they form a unique fingerprint.

Cite this