Source Code Analysis for Secure Programming Practices
Abstract: As the security landscape evolves and infosec professionals work to keep pace, modern-day instructors face the issue of adequately equipping a new generation for this dynamic landscape. Cybersecurity, as a discipline, is currently going through an unprecedented boom, bringing attention to issues that are growing in importance. Using static analysis tools such as FindBugs, and its add-on FindSecurityBugs, this project thoroughly analyzed Java source code in the textbooks used at the collegiate level. The analysis consisted of testing significant code snippets from the books with respect to Java Development Kit (JDK) 9/10. Through this security-oriented static analysis of programming examples used at the collegiate level, we determine whether the fundamental programming practices currently taught are keeping pace with the dynamic landscape. This work will also guide instructors in better shaping how programming is taught from a security perspective, as cybersecurity affects every software component in any computing system.