• DocumentCode
    2230624
  • Title

    A Comprehensive Undergraduate Application Security Project

  • Author

    Uppuluri, Prem ; Pittges, Jeff

  • Author_Institution
    Dept. of Inf. Technol., Radford Univ., Radford, VA, USA
  • fYear
    2012
  • fDate
    16-18 April 2012
  • Firstpage
    600
  • Lastpage
    607
  • Abstract
    The importance of teaching application security at an undergraduate level is well-understood. However, comprehensive coverage of application security must cover a vast range of topics from system administration to secure software development. In our experience, providing students with hands-on experience poses a challenge: either the entire project is limited to a specific area, such as system administration, or the project consists of disconnected assignments each covering one area. Neither option is satisfactory as both fail to address an important learning outcome of any security course: securing computing infrastructure requires a comprehensive approach. In this paper, we describe a semester-long project for an undergraduate application security course that (a) provides students with a comprehensive view of security and (b) reinforces the theoretical skills with intensive hands-on experience. The project consists of several independent assignments that enable students to accomplish smaller tasks as they implement a fully integrated solution. The project requires limited laboratory facilities and utilizes software tools and technologies that are freely available to academic institutions.
  • Keywords
    computer science education; educational courses; educational institutions; security of data; teaching; academic institution; application security teaching; computing infrastructure; learning outcome; secure software development; software technology; software tool; system administration; undergraduate application security course; undergraduate application security project; Access control; Authentication; Databases; Encoding; Java; Standards; Application security; security education;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Technology: New Generations (ITNG), 2012 Ninth International Conference on
  • Conference_Location
    Las Vegas, NV
  • Print_ISBN
    978-1-4673-0798-7
  • Type

    conf

  • DOI
    10.1109/ITNG.2012.127
  • Filename
    6209218