<![CDATA[The increasing number of attacks on web applications necessitates strengthening secure programming competencies among computer science students. However, cybersecurity learning is often constrained by ethical and legal limitations, as direct testing on real-world systems is not permissible. This study designed and implemented a web-based cybersecurity training platform that provides a simulated vulnerability environment for secure programming practice. The methodology covers learning needs analysis, system design, vulnerability module implementation, and integration of defensive coding features. The platform operates as an online virtual laboratory accessible via www.kampuscyber.unaux.com, with modules addressing SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), File Upload Vulnerability, Insecure Direct Object Reference (IDOR), Command Injection, Directory Traversal, Weak Authentication, and Insecure Cookie handling. Each module maps programming errors directly to their security consequences, paired with defensive coding solutions. The evaluation involved 15 students enrolled in a cybersecurity training program. Across 10 modules, students achieved a 79.33% success rate in completing exploitation tasks and 65.33% in providing secure programming solutions — a gap that points to the greater difficulty of defensive over offensive competency. These findings indicate that the platform offers a safe and controlled environment for web vulnerability learning and mitigation practice, and may serve as an ethical alternative for practice-based secure programming education without exposing real-world systems to risk.]]>
Copyrights © 2026
