23 documents found, page 1 of 3
Serious game for industrial cybersecurity: Experiential learning through code r...
Iosif, A.; Lechner, U.; Pinto-Albuquerque, M.; Gasiba, T.Every stage of the industrial software development process is crucial for ensuring high-quality results in a time of increasing digitalization and complexity. Code review is a method to enhance software quality and also promote knowledge exchange among teams. It is generally accepted that the earlier that software bugs and vulnerabilities are caught during product development, the more costs can be saved. As su...
Use of programming aids in undergraduate courses
Peixoto, A.; Glória, A.; Silva, J. L.; Pinto-Albuquerque, M.; Brandão, T.; Nunes, L.The use of external tips and applications to help with programming assignments, by novice programmers, is a double-edged sword, it can help by showing examples of problem-solving strategies, but it can also prevent learning because recognizing a good solution is not the same skill as creating one. A study was conducted during the 2superscript{nd} semester of 23/24 in the course of Object Oriented Programming to...
Reflections on training next-gen industry workforce on secure software development
Gasiba, T. E.; Iosif, A.-C.; Suppan, S.; Lechner, U.; Pinto-Albuquerque, M.The increasing number of security incidents highlights the growing importance of cybersecurity, particularly in industrial environments. Education and awareness of secure coding practices are fundamental to secure products and services. In this paper, we explore the potential of CyberSecurity Challenges (CSCs), a serious game that is designed to raise awareness of industrial software developers about secure cod...
Raising awareness in the industry on secure code review practices
Iosif, A.-C.; Gasiba, T. E.; Lechner, U.; Pinto-Albuquerque, M.As products and services become increasingly digital and software increasingly complex, all aspects of an industrial software development lifecycle must contribute to quality. Code review serves as a means to address software quality and fosters knowledge exchange across teams. Nonetheless, code review practices require resources and often require more resources than planned, while the benefit of a code review ...
You are doing it wrong: On vulnerabilities in low code development platforms
Lourenço, M.; Gasiba, T. E.; Pinto-Albuquerque, M.Low-Code Development Platforms (LCDPs) are gaining more and more traction, even in the industrial context, as a means for anyone with less coding experience to develop and deploy applications. However, little is known about the vulnerabilities resulting from this new software development model. This paper aims to understand vulnerabilities in applications developed and deployed on these platforms. We show that ...
CATS: A serious game in industry towards stronger cloud security
Zhao, T.; Lechner, U.; Pinto-Albuquerque, M.; Ata, E.; Gasiba, T.Cloud computing has become a widely applied technology in the industry. Broad network access as a characteristic of cloud computing brings business value. It poses threats to cloud assets due to a greater attack surface than on-premises and other service models. Industry standards aim to regulate cloud security by enforcing best practices. To comply with the standards, practitioners in the industry are mandated...
An ontology-based model for evaluating cloud attack scenarios in CATS: A seriou...
Zhao, T.; Lechner, U.; Pinto-Albuquerque, M.; Ongu, D.In recent years, the market of cloud services has been growing rapidly. Consequently, cloud security has become a heavily discussed topic in the industry. If cloud assets are misconfigured, it can lead to severe security issues and be exposured to cybersecurity attacks. It is of great importance that industry practitioners understand the security challenges and their responsibilities to protect cloud assets. We...
I’m sorry Dave, I’m afraid I can’t fix your code: On ChatGPT, cybersecurity, an...
Gasiba, T. E.; Oguzhan, K.; Kessba, I.; Lechner, U.; Pinto-Albuquerque, M.Software security is an important topic that is gaining more and more attention due to the rising number of publicly known cybersecurity incidents. Previous research has shown that one way to address software security is by means of a serious game, the CyberSecurity Challenges, which are designed to raise awareness of software developers of secure coding guidelines. This game, which has been proven to be very s...
Cloud of assets and threats: A playful method to raise awareness for cloud secu...
Zhao, T.; Lechner, U.; Pinto-Albuquerque, M.; Ata, E.Cloud computing has become a convenient technology widely used in industry, providing profit and flexibility to companies. Many enterprises embrace cloud service by migrating their products and solutions from on-premise to cloud environments. Cloud assets and applications are vulnerable to security challenges if not adequately protected. Regulations, standards and guidelines aim to enforce cloud security contro...
A large-scale study on the security vulnerabilities of cloud deployments
Andrei-Cristian, I.; Gasiba, T. E.; Zhao, T.; Lechner, U.; Pinto-Albuquerque, M.As cloud deployments are becoming ubiquitous, the rapid adoption of this new paradigm may potentially bring additional cyber security issues. It is crucial that practitioners and researchers pose questions about the current state of cloud deployment security. By better understanding existing vulnerabilities, progress towards a more secure cloud can be accelerated. This is of paramount importance especially with...