Software flaws are a root cause of many of today's information security vulnerabilities. The current curricular emphasis on traditional information security issues does not address this root cause. We propose educating students on secure programming techniques through interactive tool support in the Integrated Development Environment (IDE). We believe this approach can complement other curricula efforts by teaching and providing continuous reinforcement of practices throughout programming tasks. In this paper, we evaluate our prototype tool, ASIDE, which provides instant security warnings, detailed explanations of vulnerabilities, and code generation. We report the results of an observational study on 20 students from an advanced Web programming course. The results provide early evidence that our tool could potentially help students learn about and practice secure programming in the context of their programming assignments.