APPLICATION TO EXAMINE SQL INJECTION VULNERABILITIES AS A TOOL IN COMPUTER SCIENCE EDUCATION
Lublin University of Technology (POLAND)
About this paper:
Appears in: INTED2018 Proceedings
Publication year: 2018
Pages: 7404-7409
ISBN: 978-84-697-9480-7
ISSN: 2340-1079
doi: 10.21125/inted.2018.1739
Conference name: 12th International Technology, Education and Development Conference
Dates: 5-7 March, 2018
Location: Valencia, Spain
Abstract:
Information security is one of the key factors in computer science education. This is due to the rapidly growing number and complexity of attacks. SQL injection (SQLI) attacks, aimed at reading, modifying or destroying data, are among the most popular, according to the Open Web Application Security Project (OWASP). Because of this, it was necessary to create an efficient tool to support computer science students in dealing with SQLI attacks and to teach them techniques for protecting applications against them. Such a tool was created at the Lublin University of Technology by Computer Science (CS) students.

It is an application prepared in various versions:
• Susceptible to SQLI attacks – this version has no protections implemented and lets users practise SQLI attacks against it,
• With weak protections – this version allows users to examine the susceptibilities of improperly protected applications,
• With strong protections – this version demonstrates the achievable level of protection and lets users examine whether an application can be successfully protected against SQLI attacks.
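As an added illustration of the three protection levels described above (this is example code, not the application built at the Lublin University of Technology): an unprotected query built by concatenation, a weak filter that only escapes single quotes and therefore protects quoted string contexts but not unquoted numeric ones, and parameterised queries that bind input as data. The table contents, inputs and function names are constructed for this example.

```python
import sqlite3
from typing import List

# Constructed in-memory sample table (not data from the paper).
def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    return con

def names(con: sqlite3.Connection, sql: str, params=()) -> List[str]:
    return [row[0] for row in con.execute(sql, params)]

# Version 1 - susceptible: user input is pasted straight into the SQL text,
# so a stray quote lets the input change the query's structure.
def by_name_vulnerable(con: sqlite3.Connection, name: str) -> List[str]:
    return names(con, "SELECT name FROM users WHERE name = '" + name + "'")

# Version 2 - weak protection: only single quotes are doubled. This does keep
# a quote-breaking input inside a quoted string literal ...
def escape_quotes(value: str) -> str:
    return value.replace("'", "''")

def by_name_weak(con: sqlite3.Connection, name: str) -> List[str]:
    sql = "SELECT name FROM users WHERE name = '" + escape_quotes(name) + "'"
    return names(con, sql)

# ... but does nothing in an unquoted numeric context, where no quote is
# needed to append a boolean condition to the WHERE clause.
def by_id_weak(con: sqlite3.Connection, user_id: str) -> List[str]:
    return names(con, "SELECT name FROM users WHERE id = " + escape_quotes(user_id))

# Version 3 - strong protection: bound parameters. The query text is fixed and
# the input is passed to the engine as a value, never parsed as SQL.
def by_name_strong(con: sqlite3.Connection, name: str) -> List[str]:
    return names(con, "SELECT name FROM users WHERE name = ?", (name,))

def by_id_strong(con: sqlite3.Connection, user_id: str) -> List[str]:
    return names(con, "SELECT name FROM users WHERE id = ?", (user_id,))

if __name__ == "__main__":
    db = make_db()
    for label, fn, arg in [("vulnerable/name", by_name_vulnerable, "x' OR '1'='1"),
                           ("weak/name", by_name_weak, "x' OR '1'='1"),
                           ("weak/id", by_id_weak, "1 OR 1=1"),
                           ("strong/id", by_id_strong, "1 OR 1=1")]:
        print(f"{label:16} -> {fn(db, arg)}")
```

Running the script shows the weak version returning every row for the numeric lookup while rejecting the quoted one, which is exactly the kind of partial protection the "weak" variant of the teaching application is meant to expose.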

In order to assess the prepared application’s usefulness in training, an examination was carried out. To evaluate the final result, we have put forward three working hypotheses:
H1: The application is easy to use and start learning.
H2: The application makes training easier and more effective.
H3: Using the application allows for a quick start of training and boosts the speed of training.

To confirm these hypotheses, we surveyed a group of CS students by asking them about their experiences in the research area. The students were questioned about their experiences with an application after some training in the SQLI attacks domain. The application used during the training and its assessment results are discussed in the paper.
Keywords:
SQL injection, computer science.