Effective Secure Coding Teaching Through Gamification


An effective way to teach a technology nowadays is through gamification or fun documentation. I have been to several workshops with Google and Amazon, and both used unconventional styles to teach and to get the community to try their cloud products.

During Google Cloud Summit, Google hosted an event called Cloud Hero (https://www.gc-launch.com/cloud-hero) to give the community hands-on experience with its Google Cloud Platform products through gamification. Participants were asked to wear capes (like a hero!) and to join a game room, with a desktop PC provided. Everyone started on time and was scored on completion of tasks and speed. Participants were tasked to do certain things per GCP product to advance in the game. Scores were shown live on a big screen, where you could see the lead scorers. It was fun and challenging, and I definitely learned a lot.

Amazon, on the other hand, hosted an AWS workshop (https://aws.amazon.com/getting-started/projects/build-modern-app-fargate-lambda-dynamodb-python/). This was a smaller event, and participants just needed to follow tutorials for each AWS product that were short and sweet and made use of a mythical creatures web application.

The two events were similar in having an engaging speaker and resource persons to help participants. They emphasized fun and minimal technical jargon.

One of our schoolmates at City University of Seattle had a small project: a capture-the-flag game, built as a Python web application, that is designed to test your cyber security investigative skills.

A gamification study made in 2013 focused on the following topics: Validating User Input; Array Range Checking; Buffer Overflow; Operator Precedence; Rounding Errors; Returning Values and Handling Errors; Numeric Overflow/Underflow. The result of the study was that the students were able to make a clear correlation between game levels and information assurance concepts (Adamo-Villani, Oania & Cooper, 2013).

We may be able to run a simple interactive game in a classroom setup, tackling topics such as SDLC, SDL, threat modelling, attack surface, etc. The hope is that students retain the importance of security in every phase of the SDLC, and the importance of software security over application security, with the latter costing more due to the development of patches to fix vulnerabilities (Ransome & Misra, 2014).

Researchers were able to overcome the perception that security was not important in the SDLC. Not so much. The attendees wanted a balance between hands-on and theory. I believe that gamification of hands-on secure coding could help faculty teach SDL. An example of a secure coding training website is https://securecodewarrior.com/. The attendees already know that security is important, but because they are overloaded with faculty work and need more resources, they are unable to implement secure coding.

Thread approach states that the amount of time and resources needed to implement changes in the curriculum is minimal.

References

Adamo-Villani, N., Oania, M., & Cooper, S. (2013). Using a Serious Game Approach to Teach Secure Coding in Introductory Programming: Development and Initial Findings. Journal of Educational Technology Systems, 41(2).

Ransome, J., & Misra, A. (2014). Core Software Security: Security at the Source.
