International Journal of Information Technology & Computer Science ( IJITCS )
As an important teaching approach, interactive visualization tools can be used in both lecture and selfreflection in computer science education. We developed two visualization tools to demonstrate two types of web-based attacks: cross-site scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks. Both tools are developed using HTML5 technology and allow interaction with students to improve their understanding and learning of XSS and CSRF attacks. These tools are designed to be used in security and network related courses to illustrate how these two attacks can be realized easily. We have performed user study from students in computer science and their positive feedback helps to understand the effectiveness and usability of the tools. .
: interactive visualization; web security; cross-site scripting; cross- site request forgery
- GVU, 2002. Algorithm animation. Available at http://www.cc.gatech.edu/gvu/softviz/algoanim/
- Holliday, M. A. 2003. Animation of computer networking concepts, ACM Journal of Educational Resources in Computing, Vol. 3, No. 2, Article 2.
- Null, L. and Rao, K., 2005. CAMERA: Introducing memory concepts via visualization, In Proceedings of the 36th SIGCSE Technical Symposium, St. Louis, Missouri, Feburary 23-27, 2005, 96-100.
- Naps, T. L. et al. 2003a. Exploring the role of visualization and engagement in computer science education, ACM SIGCSE Bulletin, Vol. 35, Issue 2, 131-152, 2003.
- Grissom, S. et al. 2003. Algorithm visualization in CS education: comparing levels of student engagement, Proceedings of ACM 2003 Symposium on Software Visualization, 87-93, 2003.
- C. Bonwell, and J. Eison. “Active Learning: Creating Excitement in the Classroom,” ASHE-ERIC Higher Education Report 1, 1991.
- D. Schweitzer, W. Brown, “Interactive Visualization for the Active Learning Classroom,” In Proceedings of SIGCSE’07, March 7-10, 2007.
- Holliday, M. A. and Johnson, M. 2004. A web-based introduction to computer networks for non-majors - the protocol stack”, February, 2004. Available at:
- Elmqvist, N. 2004. ProtoViz: a simple security protocol visualization. report. Available at http://www.cs.chalmers.se/~elm/courses/security/report.pdf
- Schweitzer, D., Baird, L., Collins, M., Brown, W., AND Sherman, M. 2006. GRASP: A visualization tool for teaching security protocols, In Proceedings of the 10th Colloquium for Information Systems Security Education, June, 2006. 75 – 81.
- Gerhart, S. et al. 2005. Increasing security in aviation-oriented computing education: a modular approach, August 2005. Available at: http://nsfsecurity.pr.erau.edu/
- Deutsche Bank AG, CrypTool, available at: http://www.cryptool.org, accessed on January 29, 2009.
- Bishop, D. 2003. Introduction to Cryptography with Java Applets, Jones and Bartlett Publishers, Boston, 2003.
- Crandall, J.R., et al. 2002. Driving home the buffer overflow problem: a training module for programmers and managers, In Proceedings of National Colloquium for Information Systems Security Education (NCISSE 2002), Washington, 2002.
- Irvine, C. E. and Thompson, M. F. 2005. CyberCIEGE: gaming for information assurance, IEEE Security and Privacy, Vol. 3, Issue 3, 61- 64.
- L. Yu, L. Harrison, A. Lu, Z. Li, W. Wang, “3D Digital Legos for Teaching Security Protocols,” IEEE Transactions on Learning Technologies,
- XSS Made Simple- Flash Animation. URL: http://a4apphack.com/security/xss-made-simple-flash-animation, retrieved, retrieved March 11, 2014.
- C. A. Shaffer, T. L. Naps, and E. Fouh, “Truly interactive textbooks for computer science education,” Proceedings of the Sixth Program Visualization Workshop(PVW2011), Darmstadt, Germany, June 30- July 1, 2011.
- D. Clark, “HTML5: A Look Behind the Technology Changing the Web.” Wall Street Journal, Nov. 11, 2011.
- Gary Anthes, “HTML5 Leads a Web Revolution,” Communications of ACM, Vol. 55, No. 7, pp. 16-17, July 2012.
- SEED: Developing Instructional Laboratories for Computer Security Education. URL: http://www.cis.syr.edu/~wedu/seed/all_labs.html
- Cross-site Scripting, URL: https://www.owasp.org/index.php/Crosssite_ Scripting_(XSS)
- InterSecVis: Cross Site Scripting. URL: http://m6gatlinburg.com/tmp/xss/tmp/xss/xss.html, retrieved March 11, 2014.