SlideShare a Scribd company logo

Exercise Perceptions: Experience Report From A Secure Software Development Course

Download as PPTX, PDF
Akond Rahman, profile picture
Akond Rahman

The document presents an experiential report on a secure software development course, highlighting students' perceptions of various exercises conducted during the semester. It includes both positive and negative feedback on the exercises, students' motivations for enrollment, and the implications of exercise diversity. Additionally, it provides links to public repositories for exercise materials and discusses limitations in generalizability and sample size.

Education
Related topics:
Information SecurityInsights on Software Development
1 of 21
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Exercise Perceptions: Experience Report From A Secure Software Development Course Dibyendu Brinto Bose 1 Akond Rahman Hossain Shahriar Sep 10, 2021
Introduction 2 U.S. White House Executive Order Workforce Development
Introduction 3 Bounty payout is highest for software Top vulnerabilities from 2020 are software-related
Introduction 4 CEROC CS @ TnTech
Secure Software Development 5 Exercises Lectures Semester-long Projects
Secure Software Development: Exercises 6 Exercises • Eight exercises • Exercises assigned after lectures • 14 week semester • 12 student course
Exercise List 7 Git Hooks for Automated Security Static Analysis Logging Location Privacy Violations in Android Projects Validation of Security Requirements
Exercise List 8 Security Weaknesses Security Static Analysis for Adversarial Machine Learning Taint Analysis White-box Fuzzing
Methodology 9 Answer to RQ1 Answer to RQ2 Answer to RQ3 Survey Gradebook Analysis
Findings: Motivation 10 Academic Requirements (2 out of 12) Gain Research Background (3 out of 12) Career Development (7 out of 12)
Findings 11 0 2 4 6 8 10 12 Exercise Project Lecture Respondent Count Material Best-suited for Enrollment Motivation
Findings: Positive Perceptions 12 Program Comprehension Practicality Lecture Reinforcement
Findings: Positive Perceptions (Contd.) 13 Skillset Development Sense of Accomplishment Self Evaluation
Findings: Positive Perceptions (Contd.) 14 Exercise Positive Perception Git Hook Skillset Development, Practicality Logging Skillset Development, Lecture Reinforcement, Program Comprehension, Practicality Privacy Violation Skillset Development, Practicality Security Requirements Skillset Development, Practicality Security Smells Skillset Development, Lecture Reinforcement, Practicality, Sense of Accomplishment Adversarial Machine Learning Practicality Taint Analysis Skillset Development, Program Comprehension, Practicality, Self Evaluation Fuzzing Skillset Development, Lecture Reinforcement, Practicality, Sense of Accomplishment , Self Evaluation
Findings: Negative Perceptions 15 Limiting Documentation Lack of Background Artifact Management
Findings: Negative Perceptions (Contd.) 16 Exercise Negative Perception Git Hook None Logging Lack of Background, Artifact Management Privacy Violation Limiting Documentation Security Requirements None Security Smells Lack of Background, Artifact Management Adversarial Machine Learning Artifact Management Taint Analysis Lack of Background, Artifact Management Fuzzing Artifact Management
Implications 17 • Students prefer real-world exercises • Good and bad of exercise diversity • Curious case of taint analysis: background on program analysis and recursion
- A list of positive perceptions related to exercises in the ’Secure Software Development’ course. - A list of negative perceptions related to exercises in the ’Secure Software Development’ course. - A list of students’ motivations to enroll in the ’Secure Software Development’ course. - A publicly available repository of materials to conduct necessary exercises. Our Contribution 18
- https://github.com/paser-group/continuous-secsoft/ - https://hub.docker.com/repository/docker/akondrahman/sec -soft-edu-materials Our Contribution (Contd.) 19
- Rater bias - Small sample of 12 students - Generalizability Limitations 20
Summary 21 arahman@tntech.edu akondrahman.github.io @akondrahman Findings: Motivation 8 Academic Requirements (2 out of 12) Gain Research Background (3 out of 12) Career Development (7 out of 12) Findings: Positive Perceptions 10 Program Comprehension Practicality Lecture Reinforcement Introduction 2 U.S. White House Executive Order State of Tennessee CEROC Workforce Development

More Related Content

PPTX
How Do Students Feel About Automated Security Static Analysis Exercises?
Akond Rahman
 
PPTX
Promise 2011: "Empirical validation of human factors on predicting issue reso...
CS, NcState
 
PPTX
Ease2017 - Operationalizing the Experience Factory for Effort Estimation in A...
Davide Taibi
 
PPTX
Learning to learn
Constance de Quatrebarbes
 
PPTX
Task v Process CEISEE May 2016
clive rosen
 
PDF
Customized software testing and Regression testing
ITM Universe - Vadodara
 
PDF
DevOps for Humans
Noah Zoschke
 
PPTX
Adoption of Software Testing in Open Source Projects - A Preliminary Study on...
Pavneet Singh Kochhar
 
How Do Students Feel About Automated Security Static Analysis Exercises?
Akond Rahman
 
Promise 2011: "Empirical validation of human factors on predicting issue reso...
CS, NcState
 
Ease2017 - Operationalizing the Experience Factory for Effort Estimation in A...
Davide Taibi
 
Learning to learn
Constance de Quatrebarbes
 
Task v Process CEISEE May 2016
clive rosen
 
Customized software testing and Regression testing
ITM Universe - Vadodara
 
DevOps for Humans
Noah Zoschke
 
Adoption of Software Testing in Open Source Projects - A Preliminary Study on...
Pavneet Singh Kochhar
 

Similar to Exercise Perceptions: Experience Report From A Secure Software Development Course (20)

PPT
Whittaker How To Break Software Security - SoftTest Ireland
David O'Dowd
 
PDF
Injecting simplicity not SQL RSA Europe 2010
Security Ninja
 
PDF
Application Assessment Techniques
Denim Group
 
PDF
Software Mining and Software Datasets
Tao Xie
 
PPT
Software Security in the Real World
Mark Curphey
 
PDF
Beyond security testing
Cu Nguyen
 
PPTX
Metrics for Security Effort Prioritization
Chris Theisen
 
PDF
Salesforce New Jersey User Group - Security Awareness
InternetCreations
 
PPTX
Agile and Secure SDLC
Nazar Tymoshyk, CEH, Ph.D.
 
PPTX
Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...
Security Innovation
 
PDF
Human Factors in Security: Toward Security-Conscious Development
VMware Tanzu
 
PPT
Testingfor Sw Security
ankitmehta21
 
PPTX
Secure App Aspirations: Why it is very difficult in the real world
Ollie Whitehouse
 
PPTX
Security Culture from Concept to Maintenance: Secure Software Development Lif...
Dilum Bandara
 
PPT
4_25655_SE731_2020_1__2_1_Lecture 1 - Course Outline and Secure SDLC.ppt
gealehegn
 
PPTX
Enumerating software security design flaws throughout the ssdlc cosac - 201...
John M. Willis
 
PPTX
Enumerating software security design flaws throughout the SSDLC
John M. Willis
 
PPSX
Introduction to threat_modeling
Prabath Siriwardena
 
PPTX
Built-in Security Mindfulness for Software Developers
Phú Phùng
 
PPT
Software Security Engineering
Marco Morana
 
Whittaker How To Break Software Security - SoftTest Ireland
David O'Dowd
 
Injecting simplicity not SQL RSA Europe 2010
Security Ninja
 
Application Assessment Techniques
Denim Group
 
Software Mining and Software Datasets
Tao Xie
 
Software Security in the Real World
Mark Curphey
 
Beyond security testing
Cu Nguyen
 
Metrics for Security Effort Prioritization
Chris Theisen
 
Salesforce New Jersey User Group - Security Awareness
InternetCreations
 
Agile and Secure SDLC
Nazar Tymoshyk, CEH, Ph.D.
 
Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...
Security Innovation
 
Human Factors in Security: Toward Security-Conscious Development
VMware Tanzu
 
Testingfor Sw Security
ankitmehta21
 
Secure App Aspirations: Why it is very difficult in the real world
Ollie Whitehouse
 
Security Culture from Concept to Maintenance: Secure Software Development Lif...
Dilum Bandara
 
4_25655_SE731_2020_1__2_1_Lecture 1 - Course Outline and Secure SDLC.ppt
gealehegn
 
Enumerating software security design flaws throughout the ssdlc cosac - 201...
John M. Willis
 
Enumerating software security design flaws throughout the SSDLC
John M. Willis
 
Introduction to threat_modeling
Prabath Siriwardena
 
Built-in Security Mindfulness for Software Developers
Phú Phùng
 
Software Security Engineering
Marco Morana
 
Ad

More from Akond Rahman (12)

PPTX
Under-reported Security Defects in Kubernetes Manifests
Akond Rahman
 
PPTX
Shhh!: Secret Management Practices for Infrastructure as Code
Akond Rahman
 
PPTX
Synthesizing Program Execution Time Discrepancies in Julia Used for Scientifi...
Akond Rahman
 
PPTX
Source Code Properties of Defective Infrastructure as Code Scripts
Akond Rahman
 
PPTX
Characteristics of Defective Infrastructure as Code Scripts in Continuous Dep...
Akond Rahman
 
PPTX
What Questions Do Programmers Ask About Configuration as Code?
Akond Rahman
 
PPTX
Comprehension Effort and Programming Activities: Related? Or Not Related?
Akond Rahman
 
PPTX
Characterizing Defective Configuration Scripts Used for Continuous Deployment
Akond Rahman
 
PDF
Predicting Android Application Security and Privacy Risk With Static Code Met...
Akond Rahman
 
PDF
Which Factors Influence Practitioners' Usage of Build Automation Tools?
Akond Rahman
 
PPTX
Software Security in DevOps: Synthesizing Practitioners’ Perceptions and Prac...
Akond Rahman
 
PPTX
Synthesizing Continuous Deployment Practices in Software Development
Akond Rahman
 
Under-reported Security Defects in Kubernetes Manifests
Akond Rahman
 
Shhh!: Secret Management Practices for Infrastructure as Code
Akond Rahman
 
Synthesizing Program Execution Time Discrepancies in Julia Used for Scientifi...
Akond Rahman
 
Source Code Properties of Defective Infrastructure as Code Scripts
Akond Rahman
 
Characteristics of Defective Infrastructure as Code Scripts in Continuous Dep...
Akond Rahman
 
What Questions Do Programmers Ask About Configuration as Code?
Akond Rahman
 
Comprehension Effort and Programming Activities: Related? Or Not Related?
Akond Rahman
 
Characterizing Defective Configuration Scripts Used for Continuous Deployment
Akond Rahman
 
Predicting Android Application Security and Privacy Risk With Static Code Met...
Akond Rahman
 
Which Factors Influence Practitioners' Usage of Build Automation Tools?
Akond Rahman
 
Software Security in DevOps: Synthesizing Practitioners’ Perceptions and Prac...
Akond Rahman
 
Synthesizing Continuous Deployment Practices in Software Development
Akond Rahman
 
Ad

Recently uploaded (20)

PDF
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
PPTX
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
PDF
01-Introduction-to-Information-Management.pdf
PrinceIbarra
 
PPTX
202450812 BayCHI UCSC-SV 20250812 v17.pptx
home
 
PDF
FourierSeries-QuestionsWithAnswers(Part-A).pdf
Raji Murugan
 
PPTX
Tissue processing ( HISTOPATHOLOGICAL TECHNIQUE
mathiasmelwyn7
 
PDF
Black Hat USA 2025 - Micro ICS Summit - ICS/OT Threat Landscape
Chris Sistrunk
 
PDF
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
PDF
102 student loan defaulters named and shamed – Is someone you know on the list?
Kweku Zurek
 
PDF
A GUIDE TO GENETICS FOR UNDERGRADUATE MEDICAL STUDENTS
DrBincy A. S
 
PPTX
Microbial diseases, their pathogenesis and prophylaxis
DevlinaSengupta
 
PDF
Abdominal Access Techniques with Prof. Dr. R K Mishra
mohitsuren827
 
PDF
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
PDF
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
PDF
Computing-Curriculum for Schools in Ghana
abigailanane203
 
PDF
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 
PDF
GENETICS IN BIOLOGY IN SECONDARY LEVEL FORM 3
ElishamichaelSamwel
 
PDF
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Academy of Grassroots Studies and Research of India (AGRASRI)
 
PDF
Module 4: Burden of Disease Tutorial Slides S2 2025
Jonathan Hallett
 
PPTX
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
01-Introduction-to-Information-Management.pdf
PrinceIbarra
 
202450812 BayCHI UCSC-SV 20250812 v17.pptx
home
 
FourierSeries-QuestionsWithAnswers(Part-A).pdf
Raji Murugan
 
Tissue processing ( HISTOPATHOLOGICAL TECHNIQUE
mathiasmelwyn7
 
Black Hat USA 2025 - Micro ICS Summit - ICS/OT Threat Landscape
Chris Sistrunk
 
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
102 student loan defaulters named and shamed – Is someone you know on the list?
Kweku Zurek
 
A GUIDE TO GENETICS FOR UNDERGRADUATE MEDICAL STUDENTS
DrBincy A. S
 
Microbial diseases, their pathogenesis and prophylaxis
DevlinaSengupta
 
Abdominal Access Techniques with Prof. Dr. R K Mishra
mohitsuren827
 
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
Computing-Curriculum for Schools in Ghana
abigailanane203
 
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 
GENETICS IN BIOLOGY IN SECONDARY LEVEL FORM 3
ElishamichaelSamwel
 
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Academy of Grassroots Studies and Research of India (AGRASRI)
 
Module 4: Burden of Disease Tutorial Slides S2 2025
Jonathan Hallett
 
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 

Exercise Perceptions: Experience Report From A Secure Software Development Course