Collaborative Paradigm of Teaching Penetration Testing using
Real-World University Applications

D 2022

Collaborative Paradigm of Teaching Penetration Testing using Real-World University Applications

SUFATRIO, Sufatrio; Ee-Chien CHANG and Jan VYKOPAL

Basic information

Original name

Collaborative Paradigm of Teaching Penetration Testing using Real-World University Applications

Authors

SUFATRIO, Sufatrio; Ee-Chien CHANG and Jan VYKOPAL (203 Czech Republic, guarantor, belonging to the institution)

Edition

New York, NY, USA, Australasian Computing Education Conference (ACE '22), p. 114-122, 9 pp. 2022

Publisher

Association for Computing Machinery

Other information

Language

English

Type of outcome

Proceedings paper

Field of Study

10200 1.2 Computer and information sciences

Country of publisher

United States of America

Confidentiality degree

is not subject to a state or trade secret

Publication form

electronic version available online

References:

URL

RIV identification code

RIV/00216224:14610/22:00125587

Organization unit

Institute of Computer Science

ISBN

978-1-4503-9643-1

DOI

https://doi.org/10.1145/3511861.3511874

UT WoS

001074617200013

EID Scopus

2-s2.0-85125401806

Keywords in English

Collaborative teaching pedagogy; cybersecurity education; active learning

Abstract

In the original language

This paper shares our three years of experience in conducting collaborative-based cybersecurity teaching involving industrial-expertise sharing and an authentic-learning environment. Penetration testing (pen-testing) is widely adopted in the cybersecurity industry. It requires a wide range of skillsets, including non-technical aspects, which are not easy to be acquired in a standard lecture-style setting. While the fundamentals of the skillsets could be taught separately in different modules, an integrated pen-testing module using real-world target applications will provide students with a bird’s-eye view of security assessment in an authentic learning setting. There exist, however, challenges in providing a sustainable structured pen-testing module. These include the evolving industrial best practices and availability of authentic target environments. In this paper, we share our experience as well as best practices in designing and teaching a pen-testing module in our Bachelor of Computing degree program. The module unconventionally adopts a fruitful win-win collaborative paradigm. The students, guided along by professional pen-testers from the industry and academic instructors, pen-test our University’s operational applications selected by the University IT Department. With the completed six semesters to date, our students have tested various applications, including our University’s learning management system, student registration system, and student-hall dining system, which all manage sensitive data. We have received very positive feedback from the parties involved. This paper describes our module’s rationale, involved parties and roles, class arrangements and activities, as well as grading considerations. The paper also discusses encountered issues and our adopted solutions related to University application selection, student contribution assessment, and activity arrangements during the COVID-19 outbreak. Some notes are additionally given for others who are keen to offer similar modules using the same teaching pedagogy. Our experience thus demonstrates that, while provisioning industrial collaboration and authentic learning in education needs to address several technical and administrative issues, a collaborative based teaching paradigm can work well in a sustainable manner.

Links

EF16_019/0000822, research and development project

Name: Centrum excelence pro kyberkriminalitu, kyberbezpečnost a ochranu kritických informačních infrastruktur

Cite

SUFATRIO, Sufatrio; Ee-Chien CHANG and Jan VYKOPAL. Collaborative Paradigm of Teaching Penetration Testing using Real-World University Applications. Online. In Australasian Computing Education Conference (ACE '22). New York, NY, USA: Association for Computing Machinery, 2022, p. 114-122. ISBN 978-1-4503-9643-1. Available from: https://doi.org/10.1145/3511861.3511874.

@inproceedings{1843495,
   author = {Sufatrio, Sufatrio and Chang, EeandChien and Vykopal, Jan},
   address = {New York, NY, USA},
   booktitle = {Australasian Computing Education Conference (ACE '22)},
   doi = {https://doi.org/10.1145/3511861.3511874},
   keywords = {Collaborative teaching pedagogy; cybersecurity education; active learning},
   howpublished = {elektronická verze "online"},
   language = {eng},
   location = {New York, NY, USA},
   isbn = {978-1-4503-9643-1},
   pages = {114-122},
   publisher = {Association for Computing Machinery},
   title = {Collaborative Paradigm of Teaching Penetration Testing using Real-World University Applications},
   url = {https://dl.acm.org/doi/abs/10.1145/3511861.3511874},
   year = {2022}
}

TY  - CONF
ID  - 1843495
AU  - Sufatrio, Sufatrio - Chang, Ee-Chien - Vykopal, Jan
PY  - 2022
TI  - Collaborative Paradigm of Teaching Penetration Testing using Real-World University Applications
PB  - Association for Computing Machinery
CY  - New York, NY, USA
SN  - 9781450396431
KW  - Collaborative teaching pedagogy
KW  - cybersecurity education
KW  - active learning
UR  - https://dl.acm.org/doi/abs/10.1145/3511861.3511874
N2  - This paper shares our three years of experience in conducting collaborative-based cybersecurity teaching involving industrial-expertise sharing and an authentic-learning environment. Penetration testing (pen-testing) is widely adopted in the cybersecurity industry. It requires a wide range of skillsets, including non-technical aspects, which are not easy to be acquired in a standard lecture-style setting. While the fundamentals of the skillsets could be taught separately in different modules, an integrated pen-testing module using real-world target applications will provide students with a bird’s-eye view of security assessment in an authentic learning setting. There exist, however, challenges in providing a sustainable structured pen-testing module. These include the evolving industrial best practices and availability of authentic target environments. In this paper, we share our experience as well as best practices in designing and teaching a pen-testing module in our Bachelor of Computing degree program. The module unconventionally adopts a fruitful win-win collaborative paradigm. The students, guided along by professional pen-testers from the industry and academic instructors, pen-test our University’s operational applications selected by the University IT Department. With the completed six semesters to date, our students have tested various applications, including our University’s learning management system, student registration system, and student-hall dining system, which all manage sensitive data. We have received very positive feedback from the parties involved. This paper describes our module’s rationale, involved parties and roles, class arrangements and activities, as well as grading considerations. The paper also discusses encountered issues and our adopted solutions related to University application selection, student contribution assessment, and activity arrangements during the COVID-19 outbreak. Some notes are additionally given for others who are keen to offer similar modules using the same teaching pedagogy. Our experience thus demonstrates that, while provisioning industrial collaboration and authentic learning in education needs to address several technical and administrative issues, a collaborative based teaching paradigm can work well in a sustainable manner.
ER  -

SUFATRIO, Sufatrio; Ee-Chien CHANG and Jan VYKOPAL. Collaborative Paradigm of Teaching Penetration Testing using Real-World University Applications. Online. In \textit{Australasian Computing Education Conference (ACE '22)}. New York, NY, USA: Association for Computing Machinery, 2022, p.~114-122. ISBN~978-1-4503-9643-1. Available from: https://doi.org/10.1145/3511861.3511874.

Přehled o publikaci