An Investigation into Educational Process Models for Teaching Secure Programming

  • Conference paper

Part of the book series: IFIP Advances in Information and Communication Technology (IFIPAICT, volume 658)

Abstract

Despite the many advantages that software applications provide in our daily lives, there are also numerous threats that target vulnerabilities in these applications. There is therefore a demand for new technologies and approaches to secure software development. Educational institutions are responsible for equipping computing graduates with the requisite secure programming knowledge, skills and abilities. However, despite various curricula guidelines being provided by the ACM and other professional bodies, many educational institutions have not successfully implemented such changes within their curricula. One of the problems is that the available curricula guidelines focus more on what secure programming concepts should be taught, rather than how. This paper therefore investigates how educational process models could be used for teaching secure programming. It further identifies various themes and sub-themes from different educational process models and argues how these can be used to teach secure programming.

The financial assistance of the National Research Foundation (NRF) towards this research is hereby acknowledged. Opinions expressed and conclusions arrived at, are those of the author, and are not necessarily to be attributed to the NRF.



Author information

Corresponding author

Correspondence to Vuyolwethu Mdunyelwa.


Copyright information

© 2022 IFIP International Federation for Information Processing

Cite this paper

Mdunyelwa, V., Futcher, L., van Niekerk, J. (2022). An Investigation into Educational Process Models for Teaching Secure Programming. In: Clarke, N., Furnell, S. (eds) Human Aspects of Information Security and Assurance. HAISA 2022. IFIP Advances in Information and Communication Technology, vol 658. Springer, Cham. https://doi.org/10.1007/978-3-031-12172-2_7

  • DOI: https://doi.org/10.1007/978-3-031-12172-2_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-12171-5

  • Online ISBN: 978-3-031-12172-2
