More Like this

1. Authentic Learning on DevOps Security with Labware: Git Hooks To Facilitate Automated Security Static Analysis

   Rahman, Md_Mostafizur; Barek, Md_Abdul; Akter, Mst_Shapna; Riad, Abm_Kamrul_Islam; Rahman, Md_Abdur; Shahriar, Hossain; Rahman, Akond; Wu, Fan (July 2024, Proc. of The 48th IEEE International Conference on Computers, Software, and Applications (COMPSAC 2024))

   This paper presents an innovative approach to DevOps security education, addressing the dynamic landscape of cybersecurity threats. We propose a student-centered learning methodology by developing comprehensive hands-on learning modules. Specifically, we introduce labware modules designed to automate static security analysis, empowering learners to identify known vulnerabilities efficiently. These modules offer a structured learning experience with pre-lab, hands-on, and post-lab sections, guiding students through DevOps concepts and security challenges. In this paper, we introduce hands-on learning modules that familiarize students with recognizing known security flaws through the application of Git Hooks. Through practical exercises with real-world code examples containing security flaws, students gain proficiency in detecting vulnerabilities using relevant tools. Initial evaluations conducted across educational institutions indicate that these hands-on modules foster student interest in software security and cybersecurity and equip them with practical skills to address DevOps security vulnerabilities. 

   more » « less
2. Teaching DevOps Security Education with Hands-on Labware: Automated Detection of Security Weakness in Python

   Akter, Mst Shapna; Shahriar, Hossain; Rodriguez-Cardenas, Juanjose; Rahman, Md Mostafizur; Rahman, Akond; Wu, Fan (November 2023, Proceedings of the Information Systems and Computing Academic Professionals (ISCAP) Conference)

   The field of DevOps security education necessitates innovative approaches to effectively address the ever evolving challenges of cybersecurity. Adopting a student-centered approach, there is the need for the design and development of a comprehensive set of hands-on learning modules. In this paper, we introduce hands-on learning modules that enable learners to be familiar with identifying known security weaknesses, based on taint tracking to accurately pinpoint vulnerable code. To cultivate an engaging and motivating learning environment, our hands-on approach includes a pre-lab, hands-on and post-lab sections. They all provide introduction to specific DevOps topics and software security problems at hand, followed by practicing with real world code examples having security issues to detect them using tools. The initial evaluation results from a number of courses across multiple schools show that the hands-on modules are enhancing the interests among students on software security and cybersecurity, while preparing them to address DevOps security vulnerabilities. 

   more » « less
3. Teaching DevOps Security Education with Hands-on Labware: Automated Detection of Security Weakness in Python

   Akter, M; Rodriguez-Cardenas, J; Shahriar, H; Rahman, A; Wu, F (November 2023, ISCAP)

   The field of DevOps security education necessitates innovative approaches to effectively address the ever evolving challenges of cybersecurity. Adopting a student-centered approach, there is the need for the design and development of a comprehensive set of hands-on learning modules. In this paper, we introduce hands-on learning modules that enable learners to be familiar with identifying known security weaknesses, based on taint tracking to accurately pinpoint vulnerable code. To cultivate an engaging and motivating learning environment, our hands-on approach includes a pre-lab, hands-on and post-lab sections. They all provide introduction to specific DevOps topics and software security problems at hand, followed by practicing with real world code examples having security issues to detect them using tools. The initial evaluation results from a number of courses across multiple schools show that the hands-on modules are enhancing the interests among students on software security and cybersecurity, while preparing them to address DevOps security vulnerabilities. 

   more » « less
4. Teaching DevOps Security Education with Hands-on Labware: Automated Detection of Security Weakness in Python

   Akter, Mst_Shapna; Hossain, Shahriar; Rodriguez-Cardenas, Juanjose; Rahman, Md_Mostafizur; Rahman, Akond; Wu, Fan (November 2023, Proceedings of the Information Systems and Computing Academic Professionals (ISCAP) Conference)

   The field of DevOps security education necessitates innovative approaches to effectively address the ever evolving challenges of cybersecurity. Adopting a student-centered approach, there is the need for the design and development of a comprehensive set of hands-on learning modules. In this paper, we introduce hands-on learning modules that enable learners to be familiar with identifying known security weaknesses, based on taint tracking to accurately pinpoint vulnerable code. To cultivate an engaging and motivating learning environment, our hands-on approach includes a pre-lab, hands-on and postlab sections. They all provide introduction to specific DevOps topics and software security problems at hand, followed by practicing with real world code examples having security issues to detect them using tools. The initial evaluation results from a number of courses across multiple schools show that the hands-on modules are enhancing the interests among students on software security and cybersecurity, while preparing them to address DevOps security vulnerabilities. 

   more » « less
5. White-box Fuzzing in the Wild: A Chaos Engineering Module for DevOps Security Education

   Rahman, Md Mostafizur; Rashid, Md Bajlur; Barek, Md Abdul; Riad, ABM Kamrul; Rahman, Md Abdur; Shahriar, Hossain; Rahman, Akond; Wu, Fan; Francia, Guillermo; Faruk, Md Jobair; et al (July 2025, IEEE)

   In today’s fast-paced software development environments, DevOps has revolutionized the way teams build, test, and deploy applications by emphasizing automation, collaboration, and continuous integration/continuous delivery (CI/CD). However, with these advancements comes an increased need to address security proactively, giving rise to the DevSecOps movement, which integrates security practices into every phase of the software development lifecycle. DevOps security remains underrepresented in academic curricula despite its growing importance in the industry. To address this gap, this paper presents a handson learning module that combines Chaos Engineering and Whitebox Fuzzing to teach core principles of secure DevOps practices in an authentic, scenario-driven environment. Chaos Engineering allows students to intentionally disrupt systems to observe and understand their resilience, while White-box Fuzzing enables systematic exploration of internal code paths to discover cornercase vulnerabilities that typical tests might miss. The module was deployed across three academic institutions, and both pre- and post-surveys were conducted to evaluate its impact. Pre-survey data revealed that while most students had prior experience in software engineering and cybersecurity, the majority lacked exposure to DevOps security concepts. Post-survey responses gathered through ten structured questions showed highly positive feedback 66.7% of students strongly agreed, and 22.2% agreed that the hands-on labs improved their understanding of secure DevOps practices. Participants also reported increased confidence in secure coding, vulnerability detection, and resilient infrastructure design. These findings support the integration of experiential learning techniques like chaos simulations and white-box fuzzing into security education. By aligning academic training with realworld industry needs, this module effectively prepares students for the complex challenges of modern software development and operations. 

   more » « less