TY - GEN
T1 - Tutorial
T2 - 2021 IEEE Secure Development Conference, SecDev 2021
AU - Lee, David
AU - Steed, Brandon
AU - Liu, Yi
AU - Ezenwoye, Onyeka
N1 - Publisher Copyright: © 2021 IEEE.
PY - 2021
Y1 - 2021
N2 - In cybersecurity education, it is critical to introduce students to security concepts and keep them aware of common software security weaknesses. However, the effectiveness of delivering such knowledge is complicated by the lack of practical security content and a case study that embeds contemporary security vulnerabilities for education. In this tutorial, we propose to introduce the participants to common web application vulnerabilities using a novel lightweight application case study that demonstrates software security weaknesses in a practical manner. With this tutorial, we will facilitate discussion about ways to expose students to security weaknesses, how to mitigate software vulnerabilities through secure software design and coding practices, as well as share ideas on how to improve the case study application. This three-part tutorial will first introduce the National Vulnerability Database. In addition, we will discuss the Common Weakness Enumeration and the relationship between vulnerabilities and weaknesses. We will then illustrate how the database is used to derive the common web application weaknesses. The second part of the tutorial will demonstrate the lightweight web application as a case study to illustrate the most common web application weaknesses. The participants will be guided on how to download and use the web application. This will include practical exercises of how to activate the built-in vulnerabilities that expose the common security weaknesses. Lastly, we will facilitate a discussion on the efficacy of the case study as a means for practical software vulnerability demonstration for education with a view on ways to enhance the case study.
AB - In cybersecurity education, it is critical to introduce students to security concepts and keep them aware of common software security weaknesses. However, the effectiveness of delivering such knowledge is complicated by the lack of practical security content and a case study that embeds contemporary security vulnerabilities for education. In this tutorial, we propose to introduce the participants to common web application vulnerabilities using a novel lightweight application case study that demonstrates software security weaknesses in a practical manner. With this tutorial, we will facilitate discussion about ways to expose students to security weaknesses, how to mitigate software vulnerabilities through secure software design and coding practices, as well as share ideas on how to improve the case study application. This three-part tutorial will first introduce the National Vulnerability Database. In addition, we will discuss the Common Weakness Enumeration and the relationship between vulnerabilities and weaknesses. We will then illustrate how the database is used to derive the common web application weaknesses. The second part of the tutorial will demonstrate the lightweight web application as a case study to illustrate the most common web application weaknesses. The participants will be guided on how to download and use the web application. This will include practical exercises of how to activate the built-in vulnerabilities that expose the common security weaknesses. Lastly, we will facilitate a discussion on the efficacy of the case study as a means for practical software vulnerability demonstration for education with a view on ways to enhance the case study.
KW - Vulnerability
KW - Weakness
KW - Web Application
UR - http://www.scopus.com/inward/record.url?scp=85124338327&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85124338327&partnerID=8YFLogxK
U2 - 10.1109/SecDev51306.2021.00014
DO - 10.1109/SecDev51306.2021.00014
M3 - Conference contribution
AN - SCOPUS:85124338327
T3 - Proceedings - 2021 IEEE Secure Development Conference, SecDev 2021
SP - 5
EP - 6
BT - Proceedings - 2021 IEEE Secure Development Conference, SecDev 2021
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 18 October 2021 through 20 October 2021
ER -