Developing Hands-on Labs for Source Code Vulnerability Detection with AI

As the role of information and communication technologies gradually increases in our lives, source code security becomes a significant issue to protect against malicious attempts. Furthermore, with the advent of data-driven techniques, there is now a growing interest in leveraging machine learning and natural language processing (NLP) as a source code assurance method to build trustworthy systems. Therefore, training our future software developers to write secure source code is in high demand. In this thesis, we propose a framework including learning modules and handson labs to guide future IT professionals towards developing secure programming habits and mitigating source code vulnerabilities at the early stages of the software development lifecycle. In this thesis, our goal is to design learning modules with a set of hands-on labs that will introduce students to secure programming practices using source code and log file analysis tools to predict/identify vulnerabilities. In a Secure Coding Education framework called (SeCodEd) we will (1) improve students' skills and awareness on source code vulnerabilities, detection tools, and mitigation techniques; (2) integrate concepts of source code vulnerabilities from Function, API, and library level to bad programming habits and practices; (3) leverage deep learning, NLP and static analysis tools for log file analysis to introduce the root cause of source code vulnerabilities.