A Systematic Mapping Study on Teaching of Security Concepts in Programming Courses
Alina Torbunova, Adnan Ashraf, Ivan Porres
TL;DR
This systematic mapping study surveys how cybersecurity concepts are taught within programming courses in higher education. By reviewing 24 peer-reviewed publications from 2010–2023, it classifies security content into general knowledge, issues, negative impacts, and countermeasures, and analyzes how curricula, frameworks, programming environments, and evaluation methods are used. The study finds a strong trend toward combining multiple security knowledge areas, with OWASP Top 10 and ACM Curricula among the most cited frameworks, and notes a bias toward Java and other traditional languages over Python. It provides guidelines to improve future work and highlights opportunities for holistic security frameworks and security education in advanced programming contexts, including Python-focused pedagogy. Overall, the work offers a structured view of the current state and practical directions to strengthen cybersecurity education in programming disciplines.
Abstract
Context: To effectively defend against ever-evolving cybersecurity threats, software systems should be made as secure as possible. To achieve this, software developers should understand potential vulnerabilities and apply secure coding practices. To prepare such skilled professionals, it is important that cybersecurity concepts are included in programming courses taught at universities. Objective: To present a comprehensive and unbiased literature review on the teaching of cybersecurity concepts in programming courses taught at universities. Method: We perform a Systematic Mapping Study. We present six research questions, define our selection criteria, and develop a classification scheme. Results and Conclusions: We select 24 publications. Our results show a wide range of research contributions. We also outline guidelines and identify opportunities for future studies. The guidelines include coverage of security knowledge categories and evaluation of contributions. We suggest that future studies should cover security issues, negative impacts, and countermeasures, as well as apply evaluation techniques that examine students' knowledge. The opportunities for future studies are related to advanced courses, security knowledge frameworks, and programming environments. Furthermore, there is a need for a holistic security framework that covers the security concepts identified in this study and is suitable for education.
