Metrics
9 Record Views
Conference proceeding
White-box Fuzzing in the Wild: A Chaos Engineering Module for DevOps Security Education
Proceedings: 2025 IEEE 49th Annual Computers, Software, and Applications Conference COMPSAC 2025, pp.2387-2393
IEEE Annual International Computer Software and Applications Conference
Annual Computers, Software, and Applications Conference (COMPSAC), 49th (Toronto, Ontario, Canada, 07/08/2025–07/11/2025)
08/26/2025
Web of Science ID: WOS:001575960000326
Abstract
In today's fast-paced software development environments, DevOps has revolutionized the way teams build, test, and deploy applications by emphasizing automation, collaboration, and continuous integration/continuous delivery (CI/CD). However, with these advancements comes an increased need to address security proactively, giving rise to the DevSecOps movement, which integrates security practices into every phase of the software development lifecycle. DevOps security remains underrepresented in academic curricula despite its growing importance in the industry. To address this gap, this paper presents a hands-on learning module that combines Chaos Engineering and White- box Fuzzing to teach core principles of secure DevOps practices in an authentic, scenario-driven environment. Chaos Engineering allows students to intentionally disrupt systems to observe and understand their resilience, while White-box Fuzzing enables systematic exploration of internal code paths to discover corner- case vulnerabilities that typical tests might miss. The module was deployed across three academic institutions, and both pre- and post-surveys were conducted to evaluate its impact. Pre-survey data revealed that while most students had prior experience in software engineering and cybersecurity, the majority lacked exposure to DevOps security concepts. Post-survey responses gathered through ten structured questions showed highly positive feedback 66.7% of students strongly agreed, and 22.2% agreed that the hands-on labs improved their understanding of secure DevOps practices. Participants also reported increased confidence in secure coding, vulnerability detection, and resilient infrastructure design. These findings support the integration of experiential learning techniques like chaos simulations and white-box fuzzing into security education. By aligning academic training with real- world industry needs, this module effectively prepares students for the complex challenges of modern software development and operations.
Related links
Details
- Title
- White-box Fuzzing in the Wild
- Publication Details
- Proceedings: 2025 IEEE 49th Annual Computers, Software, and Applications Conference COMPSAC 2025, pp.2387-2393
- Resource Type
- Conference proceeding
- Conference
- Annual Computers, Software, and Applications Conference (COMPSAC), 49th (Toronto, Ontario, Canada, 07/08/2025–07/11/2025)
- Publisher
- IEEE; ieeexplore
- Series
- IEEE Annual International Computer Software and Applications Conference
- Number of pages
- 7
- Grant note
- National Science Foundation: 2310179, 2209637, 2421324, 2433800, 1946442
This research is funded by the National Science Foundation through grants NSF Award #2310179, #2209637, #2421324, #2433800, and #1946442. The views, conclusions, and recommendations presented in this material are those of the authors and do not necessarily represent the perspectives of the National Science Foundation.
- Copyright
- © 2025, IEEE
- Identifiers
- WOS:001575960000326; 99381484295106600
- Academic Unit
- Center for Cybersecurity and AI
- Language
- English