As mobile computing is now becoming more and more popular, the security threats to mobile applications are also growing explosively. Mobile app flaws and security defects could open doors for hackers to break into them and access sensitive information. Most vulnerabilities should be addressed in the early stage of mobile software development. However, many software development professionals lack awareness of the importance of security vulnerability and the necessary security knowledge and skills at the development stage. The combination of the prevalence of mobile devices and the rapid growth of mobile threats has resulted in a shortage of secure software development professionals. Many schools offer mobile app development courses in computing curriculum; however, secure software development is not yet well represented in most schools' computing curriculum. This paper addresses the needs of authentic and active pedagogical learning materials for SSD and challenges of building Secure Software Development (SSD) capacity through effective, engaging, and investigative approaches. In this paper, we present an innovative authentic and active SSD learning approach through a collection of transferrable learning modules with hands-on companion labs based on the Open Web Application Security Project (OWASP) recommendations. The preliminary feedback from students is positive. Students have gained hands-on real world SSD learning experiences with Android mobile platform and also greatly promoted self-efficacy and confidence in their mobile SSD learning.
more »
« less
Authentic Learning Secure Software Development (SSD) in Computing Education
As mobile computing is now becoming more and
more popular, the security threats to mobile applications are
also growing explosively. Mobile app flaws and security defects
could open doors for hackers to break into them and access
sensitive information. Most vulnerabilities should be addressed
in the early stage of mobile software development. However,
many software development professionals lack awareness of the
importance of security vulnerability and the necessary security
knowledge and skills at the development stage. The
combination of the prevalence of mobile devices and the rapid
growth of mobile threats has resulted in a shortage of secure
software development professionals. Many schools offer mobile
app development courses in computing curriculum; however,
secure software development is not yet well represented in most
schools' computing curriculum. This paper addresses the needs
of authentic and active pedagogical learning materials for SSD
and challenges of building Secure Software Development (SSD)
capacity through effective, engaging, and investigative
approaches. In this paper, we present an innovative authentic
and active SSD learning approach through a collection of
transferrable learning modules with hands-on companion labs
based on the Open Web Application Security Project (OWASP)
recommendations. The preliminary feedback from students is
positive. Students have gained hands-on real world SSD
learning experiences with Android mobile platform and also
greatly promoted self-efficacy and confidence in their mobile
SSD learning.
more »
« less
- NSF-PAR ID:
- 10104312
- Date Published:
- Journal Name:
- IEEE Frontiers in Education (FIE) Conference
- Page Range / eLocation ID:
- 1-9
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
The security threats to mobile application are growing explosively. Mobile app flaws and security defects could open doors for hackers to easily attack mobile apps. Secure software development must be addressed earlier in the development lifecycle rather than fixing the security holes after attacking. Early eliminating against possible security vulnerability will help us increase the security of our software, and militate the consequence of damages of data loss caused by potential malicious attacking. However, many software developer professionals lack the necessary security knowledge and skills at the development stage and Secure Mobile Software Development (SMSD) is not yet well represented in current computing curriculum. In this paper we present a static security analysis approach with open source FindSecurityBugs plugin for Android Studio IDE. We categorized the common mobile vulnerability for developers based on OWASP mobile security recommendations and developed detectors to meet the SMSD needs in industry and education.more » « less
-
The security threats to mobile application are growing explosively. Mobile app flaws and security defects could open doors for hackers to easily attack mobile apps. Secure software development must be addressed earlier in the development lifecycle rather than fixing the security holes after attacking. Early eliminating against possible security vulnerability will help us increase the security of our software, and militate the consequence of damages of data loss caused by potential malicious attacking. However, many software developer professionals lack the necessary security knowledge and skills at the development stage and Secure Mobile Software Development (SMSD) is not yet well represented in current computing curriculum. In this paper we present a static security analysis approach with open source FindSecurityBugs plugin for Android Studio IDE. We categorized the common mobile vulnerability for developers based on OWASP mobile security recommendations and developed detectors to meet the SMSD needs in industry and education.more » « less
-
As mobile computing is becoming more and more popular, the security threats to mobile applications are simultaneously increasing explosively. Most malicious activities hack the user’s private information, such as contact and location information, hijack the user’s transactions and communications, and exploit the confidential enterprise data stored in mobile databases or in cache on mobile devices. Database security is one of the most important security areas to be addressed. Many schools are integrating database security topics into database and cybersecurity education. This paper addresses the needs for pedagogical learning materials for database security education and the challenges of building database security capacity through effective, engaging, and investigative learning approaches, through transferrable and integratable mobile-based learning modules with hands-on companion labs based on the OWASP recommendations, such as input validation, data encryption, data sharing, auditing, and others. The primary goal of this learning approach is to create a motivating learning environment that encourages and engages all students in database security concepts and practices learning. The preliminary feedback from students was positive. Students gained hands-on real world learning experiences on Mobile Database Security (MDS) with Android mobile devices, which also greatly promoted students’ self-efficacy and confidence in their mobile security learning.more » « less
-
While the number of mobile and web applications is growing exponentially, the mobile and web security threat landscape is growing explosively. Malicious malware may attack vulnerable applications and obtain personal or enterprise confidential data anywhere and anytime. Most vulnerabilities should be addressed and fixed during the early stages of software development. However, many software development professionals lack the awareness of the importance of security vulnerabilities and the necessary knowledge and skills at the software development stage. This paper addresses the needs and challenges of the lack of pedagogical materials and real-world learning environment in ProActive Control for Software Security (PASS) through effective, engaging, and investigative authentic learning approaches.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Conference Paper:
- https://doi.org/10.1109/FIE.2018.8659217
