Teaching a Hands-On CTF-Based Web Application Security Course-Reference-Cited by-同舟云学术

Teaching a Hands-On CTF-Based Web Application Security Course

Published:2022-10-29 Issue:21 Volume:11 Page:3517
ISSN:2079-9292
Container-title:Electronics
language:en
Short-container-title:Electronics

Author:

Ksiezopolski Bogdan^ORCID,Mazur Katarzyna^ORCID,Miskiewicz Marek^ORCID,Rusinek Damian^ORCID

Abstract

American philosopher John Dewey, in one of his most famous theories about the hands-on approach to learning, said that practical problem-solving and theoretical teaching should go hand-in-hand. This means students must interact with their environment to adapt and learn. Today, we almost take for granted that laboratory classes are an essential part of teaching science and engineering. Specific to cybersecurity, an integral piece of any training is the opportunity to work in an interactive hands-on environment: problem-solving skills are best developed in this fashion. In this paper, we present a hands-on web application security course based on OWASP Top 10 that allows students to learn through real-life experience. The virtual laboratories provided in our course simulate common vulnerabilities and issues mapped directly from OWASP Top 10, allowing students to be well-prepared for most of the critical security risks to web applications that arise in the real world. To examine how practical knowledge affects the learning experience and to measure the effectiveness of the proposed solution, we gathered learning data (such as the number of tries and the execution time for each exercise) from our cybersecurity course applied to a group of students at our university. Then, we examined correlations between students’ results and gathered statistics. In our research, we made use of a CTF-based approach, which is known as a valuable pedagogical tool for providing students with real-life problems and helping them gain more practical skills, knowledge, and expertise in the cybersecurity field.

Publisher

MDPI AG

Subject

Electrical and Electronic Engineering,Computer Networks and Communications,Hardware and Architecture,Signal Processing,Control and Systems Engineering

Link

https://www.mdpi.com/2079-9292/11/21/3517/pdf

Reference20 articles.

1. Cybersecurity: Trends, issues, and challenges;Cabaj;EURASIP J. Inf. Secur.,2018

2. Cybersecurity Skills Development in the EU—The Certification of Cybersecurity Degrees and ENISA’s Higher Education Database, 2019.

3. Švábenský, V., Vykopal, J., and Čeleda, P. What Are Cybersecurity Education Papers about? A Systematic Literature Review of SIGCSE and ITiCSE Conferences. Proceedings of the 51st ACM Technical Symposium on Computer Science Education.

4. Top 10 the Most Critical Web Application Security Risks. 2022.

5. Marciniak, J., Wójtowicz, A., Kolodziejczak, B., Szczepanski, M., and Stachowiak, A. Impact of Course Scheduling on Student Performance in Remote Learning. Proceedings of the 27th ACM Conference on on Innovation and Technology in Computer Science Education.

Cited by 4 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Teaching Cybersecurity to Engineering Students: A New Perspective Through Literature Review;2024 4th International Conference on Innovative Research in Applied Science, Engineering and Technology (IRASET);2024-05-16

2. Developing a Cybersecurity Training Environment through the Integration of OpenAI and AWS;Applied Sciences;2024-01-13

3. HackMySelf: Decrypting Cookies to Show the Theft of Personal Data in University Students;Lecture Notes in Networks and Systems;2024

4. KubeDeceive Unveiling Deceptive Approaches to Protect Kubernetes Clusters;2023-12-21