auguste.github.io

Making Secure Development Practices Fun and Engaging

This workshop will take place at the 35th IEEE International Conference on Software Engineering Education and Training (CSEE2023). Homepage: https://conf.researchr.org/home/cseet-2023. CSEE2023 Workshops homepage: https://conf.researchr.org/track/cseet-2023/cseet-workshop

Workshop Goals

A Secure Code Warrior survey found that 86% of developers do not view application security as a top priority. Research by Osterman found that 81% of developers admit to knowingly releasing vulnerable applications.

How do we provide resources and teach in a way that improves our security culture and makes it more engaging, rather than a difficult chore?

The workshop aims to bring together researchers and practitioners to discuss experiences in secure software development and promote a secure development culture. Its goal is to help software developers learn and practice secure development practices in a fun and engaging way. By the end of the workshop, participants should have a better understanding of common security vulnerabilities and how to avoid them in their code.

Topics

Introduction to Secure Development Practices: The workshop will start with an introduction to the importance of secure development practices, the consequences of security vulnerabilities, and the basics of secure coding.

Threat Modeling: Participants will learn about threat modeling and how to identify potential security threats in their applications. They will also learn how to prioritize threats based on their severity and likelihood.

Secure Coding: The workshop will cover best practices for writing secure code, including input validation, secure authentication, and access control. Participants will also learn about common vulnerabilities, such as SQL injection and cross-site scripting, and how to prevent them.

Secure Code Reviews: Participants will learn how to conduct a secure code review to identify security vulnerabilities in their code. They will also learn how to provide constructive feedback to their peers.

Secure Software Development Lifecycle: The workshop will cover the different phases of the secure software development lifecycle, including planning, design, implementation, testing, and maintenance. Participants will learn how to integrate security into each phase of the development process.

Gamification of Secure Development Practices: To make the workshop more engaging, participants will be encouraged to take part in gamification activities, such as challenges and competitions. This will help them apply the concepts they have learned and make the learning experience more enjoyable.

By the end of the workshop, participants will have a better understanding of secure development practices and how to teach the concepts to encourage a strong security culture within engineering teams. They will also have gained practical experience through the gamification activities, which will help them to engage software engineers and bring the topic of secure software development to life!

Jessie is an award-winning Software Engineer at CybSafe, and Co-Founder and Co-Host of Glowing in Tech. She is a key part of the Leadership Team for Coding Black Females. She has delivered technical talks for companies including LeadDev, codebar, General Assembly, Docker, Girls into Coding & Daily Dev. She has instructed and delivered courses on behalf of companies such as Love Circular, CybSafe, Coding Black Females and UBS.