Never Ending Security


SWEET & SEED – Online Learning Resources


SWEET (Secure WEb dEvelopment Teaching): http://www.csis.pace.edu/~lchen/sweet/

WHAT IS SWEET?

SWEET (Secure WEb dEvelopment Teaching) is a set of portable teaching modules for secure web development. SWEET features eight teaching modules, six project modules and a virtualized web development platform that allows instructors to conduct hands-on laboratory exercises. The purpose of this project is to enhance the learning experience of computing students through standardized teaching modules and environment in secure web development. We have adopted this teaching tool to introduce web security concepts in both undergraduate and graduate courses. Each SWEET teaching module will be enough for a three-hour class containing lecture materials and hands-on laboratory exercises that are relevant to the contents in the lectures.

WHAT IS VIRTUALIZATION?

SWEET utilizes virtualization technology for laboratory exercises. Virtualizing a computer means running emulator software, such as VMware Player or Microsoft Virtual PC, on a computer (the host or physical computer) to emulate another desired computer (the virtual computer). A virtual computer is implemented by a folder of 2-8 GB files, and the emulator runs these files to present the virtual computer as a window or as a complete computer desktop. To the users, a virtual computer is just the same as a physical one. The virtual and host computers can have different operating systems, and can share data and Internet access. The users can work on multiple virtual computers and the host computer at the same time. The users can install new applications on the virtual computer as on a physical one. A virtual computer can run most operating systems, including all versions of Windows and Linux.

OBJECTIVES & GOALS

The objectives of this project are to generate a new teaching tool in secure web development for undergraduate students in the computing field, to create a portable teaching laboratory at both Pace and CUNY, to evaluate the effectiveness of the teaching tool in improving students’ learning experiences, and to foster collaborative relationships among Pace, CUNY and industry partners. The goal of this project is to train a new generation of computing professionals who understand and are able to solve the security problems that occur in web development. We expect to attract more undergraduate students studying computing by providing a new, interesting and innovative teaching tool in secure web development.


SEED: Vulnerability and Attack Labs: http://www.cis.syr.edu/~wedu/seed/all_labs.html/

Vulnerability and Attack Labs

People learn from mistakes. In security education, we study mistakes that lead to software vulnerabilities. Studying mistakes from the past not only helps students understand why systems are vulnerable, why a “seemingly benign” mistake can turn into a disaster, and why many security mechanisms are needed. More importantly, it also helps students learn the common patterns of vulnerabilities, so they can avoid making similar mistakes in the future. Moreover, using vulnerabilities as case studies, students can learn the principles of secure design, secure programming, and security testing.

Design/Implementation Labs

The objective of the design/implementation labs is to provide students with opportunities to apply security principles in designing and implementing systems. They help students achieve learning by system development.

Exploration Labs

The objective of the exploration labs is two-fold: the first is to enhance students’ learning via observation, playing and exploration, so they can see what security principles “feel” like in a real system; the second is to provide students with opportunities to apply security principles in analyzing and evaluating systems. The exploration labs provide a feasible means by which the students have “a direct encounter with the phenomena being studied rather than merely thinking about the encounter, or only considering the possibility of doing something about it”.