Secure Coding mailing list archives

Where Does Secure Coding Belong In the Curriculum?


From: ken at krvw.com (Kenneth Van Wyk)
Date: Wed, 26 Aug 2009 08:51:18 -0400

On Aug 25, 2009, at 8:16 PM, Olin Sibert wrote:
    Exploits are FUN.

I agree, at least to a point.  Whenever I work exploits into my  
workshops, the results are right on the mark.  So long as the exploits  
are balanced with just the right amount of remediations, it works great.

The key is to hook the students with the exploits, and then sprinkle  
in a "now here's how to do it _right_" discussion while they're still  
paying attention.  ;-)

And FWIW, I've found OWASP's WebGoat to be phenomenally effective at  
doing just that.  There are other similar tools out there as well, but  
the point is to give the class a safe sandbox to play in.

Cheers,

Ken

-----
Kenneth R. van Wyk
KRvW Associates, LLC
http://www.KRvW.com

(This email is digitally signed with a free x.509 certificate from  
CAcert. If you're unable to verify the signature, try getting their  
root CA certificate at http://www.cacert.org -- for free.)

