Collaborative Paradigm of Teaching Penetration Testing using
Real-World University Applications

D 2022

Collaborative Paradigm of Teaching Penetration Testing using Real-World University Applications

SUFATRIO, Sufatrio, Ee-Chien CHANG a Jan VYKOPAL

Základní údaje

Originální název

Collaborative Paradigm of Teaching Penetration Testing using Real-World University Applications

Autoři

SUFATRIO, Sufatrio, Ee-Chien CHANG a Jan VYKOPAL (203 Česká republika, garant, domácí)

Vydání

New York, NY, USA, Australasian Computing Education Conference (ACE '22), od s. 114-122, 9 s. 2022

Nakladatel

Association for Computing Machinery

Další údaje

Jazyk

angličtina

Typ výsledku

Stať ve sborníku

Obor

10200 1.2 Computer and information sciences

Stát vydavatele

Spojené státy

Utajení

není předmětem státního či obchodního tajemství

Forma vydání

elektronická verze "online"

Odkazy

URL

Kód RIV

RIV/00216224:14610/22:00125587

Organizační jednotka

Ústav výpočetní techniky

ISBN

978-1-4503-9643-1

DOI

http://dx.doi.org/10.1145/3511861.3511874

UT WoS

001074617200013

Klíčová slova anglicky

Collaborative teaching pedagogy; cybersecurity education; active learning

Štítky

rivok

Příznaky

Mezinárodní význam, Recenzováno

Změněno: 26. 3. 2024 15:46, Mgr. Alena Mokrá

Anotace

V originále

This paper shares our three years of experience in conducting collaborative-based cybersecurity teaching involving industrial-expertise sharing and an authentic-learning environment. Penetration testing (pen-testing) is widely adopted in the cybersecurity industry. It requires a wide range of skillsets, including non-technical aspects, which are not easy to be acquired in a standard lecture-style setting. While the fundamentals of the skillsets could be taught separately in different modules, an integrated pen-testing module using real-world target applications will provide students with a bird’s-eye view of security assessment in an authentic learning setting. There exist, however, challenges in providing a sustainable structured pen-testing module. These include the evolving industrial best practices and availability of authentic target environments. In this paper, we share our experience as well as best practices in designing and teaching a pen-testing module in our Bachelor of Computing degree program. The module unconventionally adopts a fruitful win-win collaborative paradigm. The students, guided along by professional pen-testers from the industry and academic instructors, pen-test our University’s operational applications selected by the University IT Department. With the completed six semesters to date, our students have tested various applications, including our University’s learning management system, student registration system, and student-hall dining system, which all manage sensitive data. We have received very positive feedback from the parties involved. This paper describes our module’s rationale, involved parties and roles, class arrangements and activities, as well as grading considerations. The paper also discusses encountered issues and our adopted solutions related to University application selection, student contribution assessment, and activity arrangements during the COVID-19 outbreak. Some notes are additionally given for others who are keen to offer similar modules using the same teaching pedagogy. Our experience thus demonstrates that, while provisioning industrial collaboration and authentic learning in education needs to address several technical and administrative issues, a collaborative based teaching paradigm can work well in a sustainable manner.

Návaznosti

EF16_019/0000822, projekt VaV

Název: Centrum excelence pro kyberkriminalitu, kyberbezpečnost a ochranu kritických informačních infrastruktur

Citovat

SUFATRIO, Sufatrio, Ee-Chien CHANG a Jan VYKOPAL. Collaborative Paradigm of Teaching Penetration Testing using Real-World University Applications. Online. In Australasian Computing Education Conference (ACE '22). New York, NY, USA: Association for Computing Machinery, 2022, s. 114-122. ISBN 978-1-4503-9643-1. Dostupné z: https://dx.doi.org/10.1145/3511861.3511874.

@inproceedings{1843495,
   author = {Sufatrio, Sufatrio and Chang, EeandChien and Vykopal, Jan},
   address = {New York, NY, USA},
   booktitle = {Australasian Computing Education Conference (ACE '22)},
   doi = {http://dx.doi.org/10.1145/3511861.3511874},
   keywords = {Collaborative teaching pedagogy; cybersecurity education; active learning},
   howpublished = {elektronická verze "online"},
   language = {eng},
   location = {New York, NY, USA},
   isbn = {978-1-4503-9643-1},
   pages = {114-122},
   publisher = {Association for Computing Machinery},
   title = {Collaborative Paradigm of Teaching Penetration Testing using Real-World University Applications},
   url = {https://dl.acm.org/doi/abs/10.1145/3511861.3511874},
   year = {2022}
}

TY  - JOUR
ID  - 1843495
AU  - Sufatrio, Sufatrio - Chang, Ee-Chien - Vykopal, Jan
PY  - 2022
TI  - Collaborative Paradigm of Teaching Penetration Testing using Real-World University Applications
PB  - Association for Computing Machinery
CY  - New York, NY, USA
SN  - 9781450396431
KW  - Collaborative teaching pedagogy
KW  - cybersecurity education
KW  - active learning
UR  - https://dl.acm.org/doi/abs/10.1145/3511861.3511874
N2  - This paper shares our three years of experience in conducting collaborative-based cybersecurity teaching involving industrial-expertise sharing and an authentic-learning environment. Penetration testing (pen-testing) is widely adopted in the cybersecurity industry. It requires a wide range of skillsets, including non-technical aspects, which are not easy to be acquired in a standard lecture-style setting. While the fundamentals of the skillsets could be taught separately in different modules, an integrated pen-testing module using real-world target applications will provide students with a bird’s-eye view of security assessment in an authentic learning setting. There exist, however, challenges in providing a sustainable structured pen-testing module. These include the evolving industrial best practices and availability of authentic target environments. In this paper, we share our experience as well as best practices in designing and teaching a pen-testing module in our Bachelor of Computing degree program. The module unconventionally adopts a fruitful win-win collaborative paradigm. The students, guided along by professional pen-testers from the industry and academic instructors, pen-test our University’s operational applications selected by the University IT Department. With the completed six semesters to date, our students have tested various applications, including our University’s learning management system, student registration system, and student-hall dining system, which all manage sensitive data. We have received very positive feedback from the parties involved. This paper describes our module’s rationale, involved parties and roles, class arrangements and activities, as well as grading considerations. The paper also discusses encountered issues and our adopted solutions related to University application selection, student contribution assessment, and activity arrangements during the COVID-19 outbreak. Some notes are additionally given for others who are keen to offer similar modules using the same teaching pedagogy. Our experience thus demonstrates that, while provisioning industrial collaboration and authentic learning in education needs to address several technical and administrative issues, a collaborative based teaching paradigm can work well in a sustainable manner.
ER  -

SUFATRIO, Sufatrio, Ee-Chien CHANG a Jan VYKOPAL. Collaborative Paradigm of Teaching Penetration Testing using Real-World University Applications. Online. In \textit{Australasian Computing Education Conference (ACE '22)}. New York, NY, USA: Association for Computing Machinery, 2022, s.~114-122. ISBN~978-1-4503-9643-1. Dostupné z: https://dx.doi.org/10.1145/3511861.3511874.

Podrobný výpis o publikaci