An Educational Intervention for Teaching Secure Coding Practices - Information Security Education
Conference Papers Year : 2019

An Educational Intervention for Teaching Secure Coding Practices

Abstract

Cybersecurity vulnerabilities are typically addressed through the implementation of various cybersecurity controls. These controls can be operational, technical or physical in nature. The focus of this paper is on technical controls with a specific focus on securing web applications. The secure coding practices used in this research are based on OWASP. An initial investigation found that there was a general lack of adherence to these secure coding practices by third year software development students doing their capstone project at a South African University. This research therefore focused on addressing this problem by developing an educational intervention to teach secure coding practices, specifically focusing on the data access layer of web applications developed in the .NET environment. Pre-tests and post-tests were conducted in order to determine the effectiveness of the intervention. Results indicated an increase in both knowledge and behaviour regarding the identified secure coding practices after exposure to the intervention.
Fichier principal
Vignette du fichier
485999_1_En_1_Chapter.pdf (809.27 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-02365736 , version 1 (15-11-2019)

Licence

Identifiers

Cite

Vuyolwethu Mdunyelwa, Lynn Futcher, Johan Van Niekerk. An Educational Intervention for Teaching Secure Coding Practices. 12th IFIP World Conference on Information Security Education (WISE), Jun 2019, Lisbon, Portugal. pp.3-15, ⟨10.1007/978-3-030-23451-5_1⟩. ⟨hal-02365736⟩
141 View
115 Download

Altmetric

Share

More