Design of Secure Coding Challenges for Cybersecurity Education in the Industry

Gasiba, Tiago Espinha; Lechner, Ulrike; Pinto-Albuquerque, Maria; Zouitni, Alae

doi:10.1007/978-3-030-58793-2_18

Cited by 11 publications

(20 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…i.e., code that is free from known vulnerabilities and adheres to secure coding policies. Previous work introduced the CyberSecurity Challenges from a theoretical point-of-view [11,16] and focused on particular aspects [15]. The current work extends previous publications by a presentation of a unified view on the design process, tailoring to the industry's needs and the perceived usefulness of the CSC events.…”

Section: Introductionmentioning

confidence: 59%

See 1 more Smart Citation

CyberSecurity Challenges for Software Developer Awareness Training in Industrial Environments

Gasiba

Lechner

Pinto-Albuquerque

2021

Lecture Notes in Information Systems and Organisation

Self Cite

View full text Add to dashboard Cite

Awareness of cybersecurity topics facilitates software developers to produce secure code. This awareness is especially important in industrial environments for the products and services in critical infrastructures. In this work, we address how to raise awareness of software developers on the topic of secure coding. We propose the "CyberSecurity Challenges", a serious game designed to be used in an industrial environment and address software developers' needs. Our work distills the experience gained in conducting these CyberSecurity Challenges in an industrial setting. The main contributions are the design of the CyberSecurity Challenges events, the analysis of the perceived benefits, and practical advice for practitioners who wish to design or refine these games.

show abstract

Section: Introductionmentioning

confidence: 59%

“…The present work uses serious games to achieve the goal of raising secure coding awareness of software developers in the industry. Previous work on selected design aspects and a smaller empirical basis on the CSC includes [11][12][13][14][15][16][17].…”

Section: Related Workmentioning

confidence: 99%

CyberSecurity Challenges for Software Developer Awareness Training in Industrial Environments

Gasiba

Lechner

Pinto-Albuquerque

2021

Lecture Notes in Information Systems and Organisation

Self Cite

View full text Add to dashboard Cite

show abstract

“…In [6], Gasiba et al study the requirements that a game designer should follow in order to target the game to software developers in the industry. In a further work [8], the authors provide six concrete and different challenge types to be used in this kind of CTF event. One of these is the "code entry" challenge type, where the proposed idea is that player interacts through a web interface with a back-end by modifying vulnerable code until all the coding guidelines are fulfilled, thus solving the challenge.…”

Section: Standards Industry and Academic Effortsmentioning

confidence: 99%

“…Gasiba et. al [8] propose, in a similar work, six different challenge types. These challenges, which are also a form of programming exercises, are executed in the context of a serious game of the type CTF and target software developers in the industry.…”

Section: Related Workmentioning

confidence: 99%

“…In [8], the authors present a type of challenge for CTFs in the industry which is called code-entry challenge (CEC). The main idea of this type of challenge, is for the Player to be given a software development project that contains code that does not follow secure coding guidelines (SCG) and secure software development best practices (BP) and also contains security vulnerabilities.…”

Section: Problem Statementmentioning

confidence: 99%

See 1 more Smart Citation

Cybersecurity Awareness Platform with Virtual Coach and Automated Challenge Assessment

Gasiba

Lechner

Pinto-Albuquerque

et al. 2020

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Over the last years, the number of cyber-attacks on industrial control systems has been steadily increasing. Among several factors, proper software development plays a vital role in keeping these systems secure. To achieve secure software, developers need to be aware of secure coding guidelines and secure coding best practices. This work presents a platform geared towards software developers in the industry that aims to increase awareness of secure software development. The authors also introduce an interactive game component, a virtual coach, which implements a simple artificial intelligence engine based on the laddering technique for interviews. Through a survey, a preliminary evaluation of the implemented artifact with real-world players (from academia and industry) shows a positive acceptance of the developed platform. Furthermore, the players agree that the platform is adequate for training their secure coding skills. The impact of our work is to introduce a new automatic challenge evaluation method together with a virtual coach to improve existing cybersecurity awareness training programs. These training workshops can be easily held remotely or off-line.

show abstract

An Investigation into Educational Process Models for Teaching Secure Programming

Mdunyelwa

Futcher

Niekerk

2022

Human Aspects of Information Security and Assurance

View full text Add to dashboard Cite

Design of Secure Coding Challenges for Cybersecurity Education in the Industry

Cited by 11 publications

References 15 publications

CyberSecurity Challenges for Software Developer Awareness Training in Industrial Environments

CyberSecurity Challenges for Software Developer Awareness Training in Industrial Environments

Cybersecurity Awareness Platform with Virtual Coach and Automated Challenge Assessment

An Investigation into Educational Process Models for Teaching Secure Programming

Contact Info

Product

Resources

About