Implementation of Generative Language Models (GLM) in Cyber Exercise Secure Coding using Prompt Engineering

  • Jeckson Sidabutar, Politeknik Siber dan Sandi Negara
  • Alfido Osdie, Badan Siber dan Sandi Negara
Keywords: Cyber Exercise, Generative Language Models, Prompt Engineering, Secure Coding

Abstract

With the advancement of technology, the need for secure software is becoming increasingly urgent due to the rise in vulnerabilities in applications. In 2022, the National Cyber and Encryption Agency (BSSN) recorded 2,348 cases of web defacement, with one of the main causes being the lack of attention to secure coding practices during software development. This study explores the utilization of Generative Language Models (GLMs), such as ChatGPT, in secure coding training to enhance developers' skills. GLMs were implemented in a cybersecurity platform designed specifically for secure coding training, also serving as learning assistants that users can interact with during the cyber exercise. The study results show that the cyber exercise using GLMs significantly improved users' secure coding skills, as evidenced by comparing pre-test and post-test scores, indicating an increase in knowledge and proficiency in secure coding practices.

Published
2025-04-16
How to Cite
Sidabutar, J., & Osdie, A. (2025). Implementation of Generative Language Models (GLM) in Cyber Exercise Secure Coding using Prompt Engineering. Jurnal RESTI (Rekayasa Sistem Dan Teknologi Informasi), 9(2), 334 - 342. https://doi.org/10.29207/resti.v9i2.6012
Section
Information Systems Engineering Articles