Teaching the security mindset to CS1 students


In this 21st century technological world, the inherent problems of computer security are becoming increasingly important, and it is critical that our students gain the necessary skills and knowledge, early in their academic programs, to handle these problems. Specifically, the lack of security mindset is responsible for many overlooked and exploitable security bugs in the computer programs that these students design. While learning the security concepts generally requires a more advanced knowledge of computer science, learning the security mindset can be, and should be, addressed as early as CS 1. Although the primary focus of any traditional CS 1 course is that of basic programming concepts, we believe that teaching the security mindset in this course is valuable and effective. In this paper we discuss the course that we have taught for four terms-an introductory course that teaches the security mindset to beginner programmers. We start out by using the term-long incremental development of a security-sensitive program-the login program. Students develop the security mindset by thinking as both hackers and defenders, in order to catch and fix the logical and run-time errors that may lead to security breaches in the program.

DOI: 10.1145/2445196.2445299
View Slides

Extracted Key Phrases

Cite this paper

@inproceedings{Pournaghshband2013TeachingTS, title={Teaching the security mindset to CS1 students}, author={Vahab Pournaghshband}, booktitle={SIGCSE}, year={2013} }