About this paper

Appears in:
Pages: 7404-7409
Publication year: 2018
ISBN: 978-84-697-9480-7
ISSN: 2340-1079
doi: 10.21125/inted.2018.1739

Conference name: 12th International Technology, Education and Development Conference
Dates: 5-7 March, 2018
Location: Valencia, Spain

APPLICATION TO EXAMINE SQL INJECTION VULNERABILITIES AS A TOOL IN COMPUTER SCIENCE EDUCATION

G. Koziel, B. Krawczynski, J. Marucha, P. Wojcicki, S. Skulimowski

Lublin University of Technology (POLAND)

Information security is one of the key factors in computer science education. This is due to the rapidly growing number and complexity of attacks. SQL injection (SQLI) attacks, which aim to obtain, modify or destroy data, are among the most popular, according to the Open Web Application Security Project organisation. Because of this, it was necessary to create an efficient tool to support computer science students in dealing with SQLI attacks and to teach them techniques for protecting applications against them. Such a tool was created at the Lublin University of Technology by Computer Science (CS) students.

It is an application prepared in various versions:
• Susceptible to SQLI attacks – this version has no protections implemented and supports users against SQLI attacks,
• With weak protections – this version allows for examining susceptibilities of improperly protected applications,
• With strong protection – this version allows for demonstrating the level of protection and examining whether it is possible to successfully protect an application against SQLI attacks.

In order to assess the prepared application’s usefulness in training, an examination was carried out. To evaluate the final result, we have put forward three working hypotheses:
H1: The application is easy to use and start learning.
H2: The application makes training easier and more effective.
H3: Using the application allows for a quick start of training and boosts the speed of training.

To confirm these hypotheses, we surveyed a group of CS students by asking them about their experiences in the research area. The students were questioned about their experiences with the application after some training in the SQLI attacks domain. The application used during the training and its assessment results are discussed in the paper.

@InProceedings{KOZIEL2018APP,
author = {Koziel, G. and Krawczynski, B. and Marucha, J. and Wojcicki, P. and Skulimowski, S.},
title = {APPLICATION TO EXAMINE SQL INJECTION VULNERABILITIES AS A TOOL IN COMPUTER SCIENCE EDUCATION},
series = {12th International Technology, Education and Development Conference},
booktitle = {INTED2018 Proceedings},
isbn = {978-84-697-9480-7},
issn = {2340-1079},
doi = {10.21125/inted.2018.1739},
url = {http://dx.doi.org/10.21125/inted.2018.1739},
publisher = {IATED},
location = {Valencia, Spain},
month = {5-7 March, 2018},
year = {2018},
pages = {7404-7409}}
G. Koziel, B. Krawczynski, J. Marucha, P. Wojcicki, S. Skulimowski (2018) APPLICATION TO EXAMINE SQL INJECTION VULNERABILITIES AS A TOOL IN COMPUTER SCIENCE EDUCATION, INTED2018 Proceedings, pp. 7404-7409.