hACMEgame: A Tool for Teaching Software Security

Digital game-based learning has a great potential and can make a strong addition to traditional teaching within the field of software security. It can help improve the education of current and future software developers, by giving them hands-on experience in a controlled environment. This paper presents the results from the development process and evaluation of a digital learning game for teaching software security to computer science students. The purpose has been to design and implement a learning game, but also to test the game on the student body, in order to gather data to help evaluate and improve it. The game is not meant to replace traditional teaching, but as an alternative and complementary way of teaching software security and help raise awareness and interest in the subject as well as train developers.The implemented game is Web-based, which means the users only need a Web browser to play it. It simulates security vulnerabilities commonly found in Web applications, to help give students hands-on security experience in a controlled environment.The game is based on design suggestions from other studies within digital game-based learning and evaluated based on data collected from user testing and user feedback. The game evaluation has resulted in several suggestions on how to improve the learning game and the overall learning process, as well as suggestions for further studies.