Abstract
Since web browsers have become essential to accomplishing everyday tasks, developing secure web applications has become a priority in order to protect user data, corporate databases and critical infrastructure against cyber-crimes. This research presents a game-like (gamification) approach to teaching key concepts and skills for developing secure web applications. Gamification draws on motivational models, a family of psychological theories. Gamification design has great potential over traditional education, where we often find students demotivated and lecturers failing to engage them in learning activities. This research created game-like learning modules to teach the top vulnerabilities in secure web development and their countermeasures, including SQL injection, broken authentication and session management, cross-site scripting, insecure direct object references, etc. In this paper, each module is self-contained, with a module background, sample module questions, and the expected learning outcomes of the module.
Included in
Curriculum and Instruction Commons, Engineering Education Commons, Information Security Commons, Management Information Systems Commons, Technology and Innovation Commons
SSETGami: Secure Software Education Through Gamification
Comments
This material is based upon work supported by the National Science Foundation under Grant No. 1623624 and 1663105. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.