Natalie Coull scite author profile

Innovation in Teaching and Learning in Information and Computer

Duncan

2011

The problems associated with learning and teaching first year University Computer Science (CS1) programming classes are summarized showing that various support tools and techniques have been developed and evaluated. From this review of applicable support the paper derives ten requirements that a support tool should have in order to improve CS1 student success rate with respect to learning and understanding.

The Gamification of Cybersecurity Training

Donald

Ferguson

et al. 2017

Due to the rapidly and continued evolving nature of technology, there is a constant need to update police officers' training in cyber security to ensure that the UK continues to be a secure place to live and do business. Rather than deliver traditional classroom-based training, our project assesses the effectiveness of the delivery of cyber security through the use of games based learning to simulate cybercrimes and provide training in incident response. The aim of our research is to transform the delivery of first responder training in tackling cybercrime. Through the use of a Game Jam and subsequent prototype development, we have trialed training materials that are based on serious games technology. The game poses a common incident reported to the police, for example the problem of a virtual person receiving offensive messages via Facebook and the training reflects the dialogue with that person and the technical steps to ensure that a copy of the evidence has been preserved for further investigation. Evaluation has been conducted with local police officers. Overall, this approach to the large-scale provision of training (potentially to a whole force) is shown to offer potential.

BlackWatch: Increasing Attack Awareness within Web Applications

Hall¹,

Shepherd

2019

Future Internet

Web applications are relied upon by many for the services they provide. It is essential that applications implement appropriate security measures to prevent security incidents. Currently, web applications focus resources towards the preventative side of security. Whilst prevention is an essential part of the security process, developers must also implement a level of attack awareness into their web applications. Being able to detect when an attack is occurring provides applications with the ability to execute responses against malicious users in an attempt to slow down or deter their attacks. This research seeks to improve web application security by identifying malicious behaviour from within the context of web applications using our tool BlackWatch. The tool is a Python-based application which analyses suspicious events occurring within client web applications, with the objective of identifying malicious patterns of behaviour. Based on the results from a preliminary study, BlackWatch was effective at detecting attacks from both authenticated, and unauthenticated users. Furthermore, user tests with developers indicated BlackWatch was user friendly, and was easy to integrate into existing applications. Future work seeks to develop the BlackWatch solution further for public release.

Idea-Caution Before Exploitation: The Use of Cybersecurity Domain Knowledge to Educate Software Engineers Against Software Vulnerabilities

Nafees

Ferguson

et al. 2017

The transfer of cybersecurity domain knowledge from security experts ('Ethical Hackers') to software engineers is discussed in terms of desirability and feasibility. Possible mechanisms for the transfer are critically examined. Software engineering methodologies do not make use of security domain knowledge in its form of vulnerability databases (e.g. CWE, CVE, Exploit DB), which are therefore not appropriate for this purpose. An approach based upon the improved use of pattern languages that encompasses security domain knowledge is proposed.