SIDE:
A Web-based Integrated Development Environment (IDE) for Teaching PHP
Secure Coding to Novice Programmers
Researchers: Gerard Miller, Penelope DeFreitas, Aurell Liddell
Abstract
The problem of secure coding has received much attention over the last decade from many stakeholders of the
Software Development Life Cycle (SDLC). Though the problem is of grave concern, many universities do not offer a
dedicated security track or any secure coding courses. Some universities offer security courses but see low
enrollment since these courses are not mandatory for all Computer Science students. When this occurs, the poor
coding practices learned are then taken into industry, which is one of the reasons for software vulnerabilities in
enterprise applications.
We sought to discover the awareness of secure coding concepts among the University of Guyana Computer
Science faculty and students. Also, we built a web-based Integrated Development Environment (IDE) that uses static
analysis to detect simple vulnerabilities in PHP web applications. We targeted PHP web applications since they are
very pervasive. The study was centered on final year Bachelor of Science in Computer Science students since they
We report on the findings of the survey and a simple evaluation of the tool we developed.
Keywords: Static Analysis, Secure Coding, Web-based IDE, Security Education, Integrated Development Environment.
Remarks
The study revealed a need for focus on secure coding. In order to draw firm conclusions
on the usability and efficacy of SIDE, we need to conduct a longitudinal study and have
full participation from CSI faculty and students. We were able to determine the state of
affairs with respect to secure coding among CSI final year students. Given more time,
we can explore more methods of implementing vulnerability detection and allow for
Object-Oriented support and larger code bases. All of our objectives can be fully achieved
once the limitations of user participation and time are addressed.
Figure 1: The conceptual model of Secure IDE