Structuring a Comprehensive Software Security Course Around the OWASP Application Security Verification Standard

03/08/2021
by   Sarah Elder, et al.
0

Lack of security expertise among software practitioners is a problem with many implications. First, there is a deficit of security professionals to meet current needs. Additionally, even practitioners who do not plan to work in security may benefit from increased understanding of security. The goal of this paper is to aid software engineering educators in designing a comprehensive software security course by sharing an experience running a software security course for the eleventh time. Through all the eleven years of running the software security course, the course objectives have been comprehensive - ranging from security testing, to secure design and coding, to security requirements to security risk management. For the first time in this eleventh year, a theme of the course assignments was to map vulnerability discovery to the security controls of the Open Web Application Security Project (OWASP) Application Security Verification Standard (ASVS). Based upon student performance on a final exploratory penetration testing project, this mapping may have increased students' depth of understanding of a wider range of security topics. The students efficiently detected 191 unique and verified vulnerabilities of 28 different Common Weakness Enumeration (CWE) types during a three-hour period in the OpenMRS project, an electronic health record application in active use.

READ FULL TEXT

page 1

page 7

research
09/04/2023

Designing a Security System Administration Course for Cybersecurity with a Companion Project

In the past few years, an incident response-oriented cybersecurity progr...
research
04/26/2022

XSS for the Masses: Integrating Security in a Web Programming Course using a Security Scanner

Cybersecurity education is considered an important part of undergraduate...
research
09/18/2023

Evaluating the Impact of ChatGPT on Exercises of a Software Security Course

Along with the development of large language models (LLMs), e.g., ChatGP...
research
11/01/2018

Senior Project Management System: Requirements, Specification, and Design Issues

Senior project is a typical essential course in computing educational pr...
research
03/25/2020

Towards an Insightful Computer Security Seminar

In this paper we describe our experience in designing and evaluating our...
research
02/12/2021

Learning Software Quality Assurance with Bricks

Software Quality Assurance (SQA) and Software Process Improvement (SPI) ...

Please sign up or login with your details

Forgot password? Click here to reset