Ecir Ugur KUCUKSILLE

Workplace: Computer Engineering, Süleyman Demirel University, Isparta, Turkey

E-mail: ecirkucuksille@sdu.edu.tr

Research Interests: Computer systems and computational processes, Artificial Intelligence, Data Structures and Algorithms

Biography

Ecir Uğur Küçüksille was born in Isparta in 1976. He graduated from the Computer Systems Teaching Department in the Faculty of Technical Education at Gazi University. He completed his master's degree in the Department of Machine Learning in the Institute of Science at Süleyman Demirel University, and his PhD in the Department of Business/Quantitative Methods in the Institute of Social Sciences at Süleyman Demirel University. He has been working as an Associate Professor in the Department of Computer Engineering in the Faculty of Engineering at Süleyman Demirel University. He has also worked on computers, security, and artificial intelligence.

Author Articles
SASMEDU: Security Assessment Method of Software in Engineering Education

By Guncel SARIMAN, Ecir Ugur KUCUKSILLE

DOI: https://doi.org/10.5815/ijitcs.2018.07.01, Pub. Date: 8 Jul. 2018

The security and usability of web and mobile applications in which users share their personal information have become a factor about which users should be careful. The rapid increase in the number of developers, programming at early ages, and the desire to earn money by working freelance have caused widespread use of web and mobile applications and an increase in code that contains vulnerabilities. Safe and good software development is also based on the software lessons given to students in their high school or college years. This paper presents testing and evaluation software developed to find leakages in web applications written in ASP.NET, PHP and Java. The analysis tool is designed to be used by engineering students as a training tool, by trainees in security courses, and by programmers for testing. Within the scope of the study, security tests of web projects were carried out with the static code analysis method in input control, metric analysis and style control phases. To test the developed software tool, student web projects downloaded from the "www.freestudentprojects.com" website were used. 10 test projects were tested in the stages of input control, metric analysis and style control. According to the results of the analysis, the errors were concentrated on Structured Query Language Injection and Cross Site Scripting attacks, owing to the lack of security audit in the projects developed by the students.
