An Educational Intervention for Teaching Secure Coding Practices

Cybersecurity vulnerabilities are typically addressed through the implementation of various cybersecurity controls. These controls can be operational, technical or physical in nature. The focus of this paper is on technical controls with a specific focus on securing web applications. The secure coding practices used in this research are based on OWASP. An initial investigation found that there was a general lack of adherence to these secure coding practices by third year software development students doing their capstone project at a South African University. This research therefore focused on addressing this problem by developing an educational intervention to teach secure coding practices, specifically focusing on the data access layer of web applications developed in the .NET environment. Pre-tests and post-tests were conducted in order to determine the effectiveness of the intervention. Results indicated an increase in both knowledge and behaviour regarding the identified secure coding practices after exposure to the intervention.