
Teaching Secure e-Commerce through Building Real-World Sites


Presentation Transcript


  1. Teaching Secure e-Commerce through Building Real-World Sites
     Ryan Garlick

  2. CSCE 4560 / 5560 – Spring 2013
     • Cross listed course
     • 21 undergrads
     • 13 graduate students

  3. Course Content
     • All content presented via real-world examples of working sites
     • Google Analytics
     • Amazon feeds
     • SSL certificate
     • Domain / DNS
     • phpMyAdmin
     • Cart software
     • FTP
     • Project Management – MS Project / Pivotal Tracker

  4. Prep Work / CHEATING
     • I had access to existing e-commerce sites for examples
     • ACM students for t-shirts, running the UG site
     • Drone project in a directed study dovetailed with the Grad site
     • Asked the students if anyone had ideas…
     • Some good ones – Farmer’s Food Delivery

  5. Details
     • Students pick the site
     • I bought the SSL certificate / domain / hosting
     • Totals around $100 for the year
     • If it gets up and running, students to implement it?

  6. Methodologies
     • Here’s our problem, now let’s learn the tools we need to solve it.
     • Ex: Bitcoin
     • Everything is results based – students choose the tools to get there

  7. Teams
     • First day… pick a team
     • Security
     • Payment
     • Database / Backup
     • Business
     • Graphics
     • Products / Cart
     • And… A Project Manager

  8. Students Decide
     • I had to break a few ties, but in general students picked their group.
     • Students choose a site
     • And a cart platform

  9. The Project Manager
     • Choose carefully.
     • A good PM makes or breaks the team.
     • Pull them aside early and visit with them about:
       • Management techniques – make me the bad guy
       • Effective delegation

  10. The PM
     • If your group is fragmenting, or not getting anything done, he or she will be held responsible.

  11. Evaluation
     • Presentations by each team
     • What I stress: “Show me what you did on the site”.
     • OK if it’s not visible on the front end, but you need to do something on the site, not just “research”
     • During the showdown, points are awarded to a team for inflicting harm on the other team’s site.
     • Undergrads get a 2x modifier

  12. The Showdown
     • Application layer only – no LOIC to DDOS
     • Only things that someone outside the class would have access to
     • Social engineering is allowed
     • Encouraged to look for cart / SQL weaknesses
     • Nothing destructive until the last day
     • Database / Backup team responsible for restoring

  13. Topics
     • XSS, SQL Injection
     • Inner workings of Shopping Carts / Sessions
     • SSL and Payment Gateways
     • SEO, Google Analytics
     • SQL and how it relates to the Cart / PHP
     • Payment – must implement Bitcoin
     • Graphics Templates for each cart
     • Team Management

  14. Sites
     • Undergrads: www.cse.unt.edu/projects/ecommerce/
     • Grads: DroneCam.tv

  15. Results so far
     • Anecdotally more enthusiasm
     • Security teams are really getting into it
     • When you tell them their grade depends on defending the site and bringing the other team down
     • Usual group project problems
     • The do-nothings and the fragmenters
     • Essentially plagiarism-proof

  16. Caveats
     • Vet your Project Manager
     • Some students took it too seriously, wouldn’t give passwords to their team members who needed them for fear of security leaks
     • Try to cull the do-nothings early
     • Have fun
