
      Understanding security vulnerabilities in student code: A case study in a non-security course

      Embargo Lift Date: 2023-12-14
      Author(s)
      Yilmaz, Tolga
      Ulusoy, Özgür
      Date
      2021-12-14
      Source Title
      The Journal of Systems and Software
      Print ISSN
      0164-1212
      Electronic ISSN
      1873-1228
      Publisher
      Elsevier Inc.
      Volume
      185
      Pages
      111150-1 - 111150-11
      Language
      English
      Type
      Article
      Abstract
      Secure coding education is quite important for students to acquire the skills to quickly adapt to the evolving threats towards the software they are expected to create once they graduate. Educators are also more aware of this situation and incorporate teaching security in their respective fields. An effective application of this is only possible by cultivating the teaching and learning perspectives. Understanding the security awareness and practice of students is useful as an initial step to create a baseline for teaching methods and content. In this paper, we first conduct a survey to investigate how students approach security and what could motivate them to learn and apply security practices. Then, we analyze the source code for 6 semesters of coding assignments for 2 tasks using a source code vulnerability analysis tool. In our analysis, we report the types of vulnerabilities and various aspects between them while incorporating the effect of student grades. We then explore the lexical and structural features of security in student code using data analysis and machine learning. For the lexical analysis, we build a classifier to extract informative features and for the structural analysis, we utilize Syntax Trees to represent code and perform clustering in terms of structural features where clusters themselves yield different vulnerability levels.
      Keywords
      Secure coding education
      Source code analysis
      Data mining
      Vulnerability analysis
      Permalink
      http://hdl.handle.net/11693/111260
      Published Version (Please cite this version)
      https://doi.org/10.1016/j.jss.2021.111150
      Collections
      • Department of Computer Engineering 1561