ABSTRACT
Security topics have been taught for some time at universities. The most common approach has been to teach a required topic, and then introduce a security module later in the course. We have been promoting the notion of teaching security at the same time as main course's material. We found that this helps students to accept the idea of writing secure code at an early stage and encourages them to focus on the security issues before they start coding. We proposed teaching secure practices as the default model presented to the students, facilitating the adoption of those practices. Over a period of one year we promoted the concept among our colleagues both in our school and at teaching conferences. This paper is a report that shows where we are one year after of implementation of Teaching with Security in Mind.
- Carrier-Sensitive Routing User Guide http://www.cisco.com/en/US/products/sw/voicesw/ps4371/products_user_guide_book09186a00801e88f0.htmlGoogle Scholar
- Cenzic: Web Application Security Trends Report, Q1-Q2, 2009 http://www.cenzic.com/downloads/Cenzic_AppSecTrends_Q1-Q2-2009.pdfGoogle Scholar
- Bandhakavi, S., Bisht, P., Madhusudan, P., Venkatakrishnan, V. "CANDID: Preventing SQL Injection Attacks Using Dynamic Candidate Evaluations," In Proceedings of ACM Conference on Computer and Communications Security 2007. pp 12--24 Google ScholarDigital Library
- Walden, J. "Integrating Web Application Security into the IT Curriculum," In Proceedings of the 9th ACM SIGITE conference on Information technology education. pp 187--192 Google ScholarDigital Library
- Guimaraes, M., Murray, M. "Using animation courseware in the teaching of database security," In proceedings of SIGITE 2007. pp 253--258 Google ScholarDigital Library
- Google Code Search http://www.google.com/codesearchGoogle Scholar
- Boyarsky, J. Batching Select Statements in JDBC http://www.javaranch.com/journal/200510/Journal200510.jsp#a2Google Scholar
Index Terms
- Is teaching with security in mind working?
Recommendations
Teaching with security in mind
ACM-SE 47: Proceedings of the 47th Annual Southeast Regional ConferenceSecurity topics have been taught for some time at universities. The most common approach has been to teach a required topic, and then introduce a security module later in the course. We are promoting the notion of teaching security at the same time as ...
Teaching information systems security courses: A hands-on approach
It has become imperative for companies, governments, and organizations to understand how to guard against hackers, outsiders, and even disgruntled employees who threaten their information security, integrity and daily business operations. To address ...
Design of a computer security teaching and research laboratory (abstract only)
SIGCSE '12: Proceedings of the 43rd ACM technical symposium on Computer Science EducationTo enhance the learning process a certain amount of hands-on experience is desirable to supplement the theory portion of computer security-related courses. This includes courses in information assurance, database security, computer security and computer ...
Comments