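% Hooshangi, Weiss and Cappos, SIGCSE 2015: a study of the attack and defense
% code written by students in an introductory security class, where the attack
% programs double as test cases for the defensive assignments.
%
% Cleanup of the exported record:
%   - author/editor names are in unambiguous "Last, First" form;
%   - the exporter's series field repeated the booktitle verbatim and is
%     omitted, because styles that print series would show the proceedings
%     title twice;
%   - acronyms in booktitle are brace-protected against style recasing;
%   - values are brace-delimited, so the nested {\textcopyright} group in
%     note stays balanced.
% The citation key is kept as exported so existing \cite commands still resolve.
@inproceedings{1c9211321d404303950a73639eeeac00,
  author    = {Hooshangi, Sara and Weiss, Richard and Cappos, Justin},
  title     = {Can the security mindset make students better testers?},
  booktitle = {{SIGCSE} 2015 - Proceedings of the 46th {ACM} Technical Symposium on Computer Science Education},
  editor    = {Decker, Adrienne and Eiselt, Kurt and Tims, Jodi and Alphonce, Carl},
  publisher = {Association for Computing Machinery},
  pages     = {404--409},
  year      = {2015},
  month     = feb,
  day       = {24},
  doi       = {10.1145/2676723.2677268},
  keywords  = {Access control, Python, Security, Testing},
  language  = {English (US)},
  note      = {Publisher Copyright: Copyright {\textcopyright} 2015 ACM.; 46th SIGCSE Technical Symposium on Computer Science Education, SIGCSE 2015 ; Conference date: 04-03-2015 Through 07-03-2015},
  abstract  = {Writing secure code requires a programmer to think both as a defender and an attacker. One can draw a parallel between this model of thinking and techniques used in test-driven development, where students learn by thinking about how to effectively test their code and anticipate possible bugs. In this study, we analyzed the quality of both attack and defense code that students wrote for an assignment given in an introductory security class of 75 (both graduate and senior undergraduate levels) at NYU. We made several observations regarding students' behaviors and the quality of both their defensive and offensive code. We saw that student defensive programs (i.e., assignments) are highly unique and that their attack programs (i.e., test cases) are also relatively unique. In addition, we examined how student behaviors in writing defense programs correlated with their attack program's effectiveness. We found evidence that students who learn to write good defensive programs can write effective attack programs, but the converse is not true. While further exploration of causality is needed, our results indicate that a greater pedagogical emphasis on defensive security may benefit students more than one that emphasizes offense.},
}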