Abstract: Even experienced developers find it difficult to always write secure code. However, students and people who are learning to program in a language or environment for the first time need additional guidance to help them understand and learn how to use secure code. To this end, we created a chatbot with an authoritative knowledge base on secure programming to help teach student developers. We designed, implemented, and evaluated a novel chatbot with a knowledge base covering secure programming in PHP using the Rasa framework. In this paper, we present an experiment in which we evaluated user experience with the chatbot and compared it to other information sources, such as question and answer sites. Participants solved secure web programming problems in a custom web application developed for the experiment with the aid of either the chatbot or their choice of Internet resources. We found that students interacted with the chatbot throughout the experiment more than with other information sources to learn about security topics and solved web programming challenges. Although the perceived performance of the chatbot was lower than other systems, such as search engines, its low effort was ranked as a higher factor for adoption. Furthermore, although search engines and developer communities provide materials that were perceived as more accurate, users reported that screening resources requires additional effort in addition to the uncertainty of the quality. Also, responses about the overall user experience suggest that the chatbot can be utilized as a convenient support tool.
Download this article: CPPJ - V2 N2 Page 4.pdf
Recommended Citation: Walden, J., Atnafu, L., Caporusso, N., (2023). A Chatbot for Teaching Secure Programming. Cybersecurity Pedagogy and Practice Journal2(2) pp 4-16. http://CPPJ.org/2023-2/ ISSN : 2832-1006. A preliminary version appears in The Proceedings of EDSIGCON 2022