
Collaborative Research: Supporting Secure Programming Education in the IDE

$183,589 | FY2011 | EDU | NSF

University of North Carolina at Charlotte, Charlotte NC

Investigators

Abstract

The objective of this project is to develop the Application Security IDE (ASIDE) plug-in for Eclipse that warns programmers of potential vulnerabilities in their code and assists them in addressing these vulnerabilities. The tool serves as an always available reminder and educational opportunity during any coding activities. The tool is designed to address input validation vulnerabilities; output encoding; authentication and authorization; and several race condition vulnerabilities. The goals of this project are: (a) develop and deploy a usable tool that can serve a wide range of students and courses; (b) improve student awareness and understanding of security vulnerabilities in software; (c) increase utilization of secure programming techniques in assignments; and (d) have minimal impact on other course objectives and instructors. ASIDE is used in a range of programming courses, from CS1 to advanced Web programming, at three universities. The project evaluates how students use the tool, the impact on assignments, students' vulnerability awareness, and the impact on the course instructors. The proposed approach investigates whether integrating educational support into an IDE overcomes some of these challenges and provides effective training throughout a student's education. The ASIDE plug-in can be utilized by a wide variety of students throughout their academic and professional careers. The tool is expected to be adopted by a wide audience and has the potential to improve the security knowledge of students at all levels. The project has a direct impact on students at multiple levels at different institutions, including an HBCU and an undergraduate liberal arts university. The ASIDE plug-in is available for download on the project's website.
