Abstract
We have developed a complete set of open-source tutorials and hands-on lab exercises, called Secure WEb dEvelopment Teaching (SWEET), to introduce security concepts and practices for web and Java application development. SWEET provides introductory tutorials, teaching modules utilizing virtualized hands-on exercises, and project ideas in web and Java application security. In addition, SWEET provides a pre-configured virtual computer for laboratory exercises. This paper describes the SWEET design and resources in general and its Java security module in particular. SWEET has been integrated into computing courses at multiple universities, and it has supported innovative student projects like a secure web-based online trader simulator.
Copyright information
© 2012 Springer-Verlag GmbH Berlin Heidelberg
About this paper
Cite this paper
Tao, L., Chen, LC. (2012). Effective Web and Java Security Education with the SWEET Course Modules/Resources. In: Thaung, K. (eds) Advanced Information Technology in Education. Advances in Intelligent and Soft Computing, vol 126. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25908-1_2
DOI: https://doi.org/10.1007/978-3-642-25908-1_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-25907-4
Online ISBN: 978-3-642-25908-1
eBook Packages: Engineering, Engineering (R0)