Sabato Nocera, Simone Romano, R. Francese, G. Scanniello
{"title":"安全培训:计划在Web应用程序的开发管道中使用SAT","authors":"Sabato Nocera, Simone Romano, R. Francese, G. Scanniello","doi":"10.1109/ICSE-SEET58685.2023.00010","DOIUrl":null,"url":null,"abstract":"We designed a prospective empirical investigation to study our STW (Software Technologies for the Web) course with respect to the training of bachelor students in the context of software security when developing e-commerce Web apps. To that end, we devised the following steps: (i) studying the state of the students enrolled in the STW course in the a.y. (academic year) 2021-22; (ii) defining a training plan for the a.y. 2022-23; and (iii) acting the plan and measuring the differences (if any) between the students of the a.y. 2021-22 and 2022-23. In this idea paper, we present the results of the former two steps, as well as the evaluation strategy of the proposed training plan. We observed that security concerns are widespread in the code of the Web apps the students of the STW course (a.y. 2021-22) developed. Therefore, we plan (second step) to ask the students of the STW course (a.y. 2022-23) to use in their development pipeline a Static Analysis Tool (SAT) to detect security concerns.","PeriodicalId":68155,"journal":{"name":"软件产业与工程","volume":"16 1","pages":"40-45"},"PeriodicalIF":0.0000,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Training for Security: Planning the Use of a SAT in the Development Pipeline of Web Apps\",\"authors\":\"Sabato Nocera, Simone Romano, R. Francese, G. Scanniello\",\"doi\":\"10.1109/ICSE-SEET58685.2023.00010\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We designed a prospective empirical investigation to study our STW (Software Technologies for the Web) course with respect to the training of bachelor students in the context of software security when developing e-commerce Web apps. To that end, we devised the following steps: (i) studying the state of the students enrolled in the STW course in the a.y. (academic year) 2021-22; (ii) defining a training plan for the a.y. 2022-23; and (iii) acting the plan and measuring the differences (if any) between the students of the a.y. 2021-22 and 2022-23. In this idea paper, we present the results of the former two steps, as well as the evaluation strategy of the proposed training plan. We observed that security concerns are widespread in the code of the Web apps the students of the STW course (a.y. 2021-22) developed. Therefore, we plan (second step) to ask the students of the STW course (a.y. 2022-23) to use in their development pipeline a Static Analysis Tool (SAT) to detect security concerns.\",\"PeriodicalId\":68155,\"journal\":{\"name\":\"软件产业与工程\",\"volume\":\"16 1\",\"pages\":\"40-45\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-05-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"软件产业与工程\",\"FirstCategoryId\":\"1089\",\"ListUrlMain\":\"https://doi.org/10.1109/ICSE-SEET58685.2023.00010\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"软件产业与工程","FirstCategoryId":"1089","ListUrlMain":"https://doi.org/10.1109/ICSE-SEET58685.2023.00010","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Training for Security: Planning the Use of a SAT in the Development Pipeline of Web Apps
We designed a prospective empirical investigation to study our STW (Software Technologies for the Web) course with respect to the training of bachelor students in the context of software security when developing e-commerce Web apps. To that end, we devised the following steps: (i) studying the state of the students enrolled in the STW course in the a.y. (academic year) 2021-22; (ii) defining a training plan for the a.y. 2022-23; and (iii) acting the plan and measuring the differences (if any) between the students of the a.y. 2021-22 and 2022-23. In this idea paper, we present the results of the former two steps, as well as the evaluation strategy of the proposed training plan. We observed that security concerns are widespread in the code of the Web apps the students of the STW course (a.y. 2021-22) developed. Therefore, we plan (second step) to ask the students of the STW course (a.y. 2022-23) to use in their development pipeline a Static Analysis Tool (SAT) to detect security concerns.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
