CANDID: preventing sql injection attacks using dynamic candidate evaluations
Proceedings of the 14th ACM conference on Computer and communications security
Using animation courseware in the teaching of database security
Proceedings of the 8th ACM SIGITE conference on Information technology education
Integrating web application security into the IT curriculum
SIGITE '08 Proceedings of the 9th ACM SIGITE conference on Information technology education
Hi-index | 0.00 |
Security topics have been taught for some time at universities. The most common approach has been to teach a required topic, and then introduce a security module later in the course. We are promoting the notion of teaching security at the same time as main course's material. This helps students to adopt to the idea of writing secure code at an early stage and encourages them to focus on the security issues before beginning coding. While this method has clear advantages, it is not easy to implement in practice. This is partly a result of the faculty's luck of awareness about security issues, and the perception of security as an advanced topic. We see security as an extension of the basic concept of input validation, and so a very basic topic. We also propose teaching secure practices as the default model presented to the students, facilitating the adoption of those practices.