Abstract

Well-educated and technically skilled engineers, developers and programmers of secure software and Web systems are in high demand in industry these days. As a result, there is a need for the design and development of learning content aimed, on the one hand, at the software and Web security concepts, models, methods, algorithms, schemes, technologies, techniques, and tools used to design, develop, deploy, and maintain highly secure software and Web systems. On the other hand, according to multiple reports by professional societies, agencies and consulting firms in information/data security, students should obtain deep knowledge and excellent hands-on technical skills for the reliable protection of real-world software, Web and computer information systems against advanced types of modern computer attacks (sometimes called Attacks 2.0). The purpose of this paper is to present the designed, developed and tested elements of the “Software and Web Applications Security” undergraduate and graduate courses, which are based on an active hands-on teaching approach; the paper focuses on the learning framework developed for each type of computer attack discussed. This framework includes 1) analysis of relevant vulnerabilities in software and Web systems; 2) an overview of the computer attack; 3) demonstration of the attack in real time in a lab environment; 4) the attack's step-by-step algorithm (procedure); 5) software implementation of the attack; 6) prevention of the attack and defense mechanism(s); 7) advanced types of the attack; and 8) relevant hands-on exercises.
