Tutorial: A Lightweight Web Application for Software Vulnerability Demonstration

David Lee, Brandon Steed, Yi Liu, Onyeka Ezenwoye

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    1 Scopus citations

    Abstract

    In cybersecurity education, it is critical to introduce students to security concepts and keep them aware of common software security weaknesses. However, the effectiveness of delivering such knowledge is complicated by the lack of practical security content and a case study that embeds contemporary security vulnerabilities for education.In this tutorial, we propose to introduce the participants to common web application vulnerabilities using a novel lightweight application case study that demonstrates software security weaknesses in a practical manner. With this tutorial, we will facilitate discussion about ways to expose students to security weaknesses, how to mitigate software vulnerabilities through secure software design and coding practices, as well as share ideas on how to improve the case study application.This three-part tutorial will first introduce the National Vulnerability Database. In addition, we will discuss the Common Weakness Enumeration and the relationship between vulnerabilities and weaknesses. We will then illustrate how the database is used to derive the common web application weaknesses. The second part of the tutorial will demonstrate the lightweight web application as a case study to illustrate the most common web application weaknesses. The participants will be guided on how to download and use the web application. This will include practical exercises of how to activate the built-in vulnerabilities that expose the common security weaknesses. Lastly, we will facilitate a discussion on the efficacy of the case study as a means for practical software vulnerability demonstration for education with a view on ways to enhance the case study.

    Original languageEnglish (US)
    Title of host publicationProceedings - 2021 IEEE Secure Development Conference, SecDev 2021
    PublisherInstitute of Electrical and Electronics Engineers Inc.
    Pages5-6
    Number of pages2
    ISBN (Electronic)9781665431705
    DOIs
    StatePublished - 2021
    Event2021 IEEE Secure Development Conference, SecDev 2021 - Virtual, Online, United States
    Duration: Oct 18 2021Oct 20 2021

    Publication series

    NameProceedings - 2021 IEEE Secure Development Conference, SecDev 2021

    Conference

    Conference2021 IEEE Secure Development Conference, SecDev 2021
    Country/TerritoryUnited States
    CityVirtual, Online
    Period10/18/2110/20/21

    Keywords

    • Vulnerability
    • Weakness
    • Web Application

    ASJC Scopus subject areas

    • Computer Networks and Communications
    • Software
    • Information Systems and Management
    • Safety, Risk, Reliability and Quality

    Fingerprint

    Dive into the research topics of 'Tutorial: A Lightweight Web Application for Software Vulnerability Demonstration'. Together they form a unique fingerprint.

    Cite this