Analysis of Security Hotspots in Diploma 3 Information Technology Program's Final Project at Del Institute of Technology
Abstract
This research investigates security hotspots in the final projects of Del Institute of Technology students, particularly regarding the implementation of Model-View-Controller (MVC) principles using PHP Laravel. Security hotspots are proposed as a way to find patterns in sections of program code that could be hotspots or possible vulnerabilities. Examples of security hotspots include misplacement of logic in the view instead of the controller, improper handling of file uploads in the controller, and various other errors. The results produced through this methodology offer insights into commonly overlooked vulnerable points in software development practices. The study analyzes 16 students' final projects: data is collected, and controller and Blade files are separated. This plugin, a result of previous research, is useful for assisting in secure coding, detecting security indicators, and preventing vulnerabilities. Eight security hotspots are created to help detect vulnerabilities in the code. Each line of code is then examined to determine whether it matches each previously established security hotspot. A threshold of around 80%, based on IBM standards, is used in this research. The results are evaluated in terms of accuracy and F1 score, allowing for the identification of which security hotspots are most frequently encountered in student final projects. This research is expected to contribute to the improvement of programming standards and security practices in software engineering, providing a better understanding for educators and developers.
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.