A Study on Scenario-based Web Application Security Education Method

  • Gilja So (Department of Cyber Security, Youngsan University)
  • Received : 2023.06.25
  • Accepted : 2023.07.06
  • Published : 2023.08.31

Abstract

Web application security education that provides practical, hands-on experience is needed to reduce the damage caused by the recent increase in web application vulnerabilities and to strengthen security. In this paper, we propose a scenario-based web application security education method, apply it in classes, and analyze the results. To make scenario-based education effective, two things are required: a realistic practice environment in which the scenarios can be carried out, and a set of instructions for the learners to follow. As an example of the proposed method, we present instructions that learners carry out from both the attacker's and the victim's viewpoint in a practice environment, in order to teach XSS and SQL injection vulnerabilities. After the proposed method was applied in a class for students majoring in cyber security, analysis of the lecture evaluation results showed that the learners' interest, understanding, and major-related ability all improved.

Acknowledgement

This work was supported by Youngsan University Research Fund of 2022.
