Exploring How Students Solve Open-ended Assignments: A Study of SQL Injection Attempts in a Cybersecurity Course

Charles Koutcheme; Artturi Tilanterä; Aleksi Peltonen; Arto Hellas; Lassi Haaranen

doi:10.1145/3502718.3524748

Exploring How Students Solve Open-ended Assignments: A Study of SQL Injection Attempts in a Cybersecurity Course

Charles Koutcheme, Artturi Tilanterä, Aleksi Peltonen, Arto Hellas, Lassi Haaranen

Tutkimustuotos: Artikkeli kirjassa/konferenssijulkaisussa › Conference article in proceedings › Scientific › vertaisarvioitu

1 Sitaatiot (Scopus)

68 Lataukset (Pure)

Abstrakti

Research into computing and learning how to program has been ongoing for decades. Commonly, this research has been focused on novice learners and the difficulties they encounter, especially during CS1. Cybersecurity is a critical aspect in computing - as a topic in university education as well as a core skill in the industry. In this study, we investigate how students solve open-ended assignments on a cybersecurity course offered to university students after two years of CS studies. Specifically, we looked at how students perform SQL injection attacks on an web application system, and study to what extent we can characterize the process in which they come up with successful injections. Our results show that there are distinguishable strategies used by individual students who seek to hack the system, where these approaches revolve around exploration and exploitation tactics. We also find evidence of learning due to a more pronounced use of exploitation in a subsequent similar assignment.

Alkuperäiskieli	Englanti
Otsikko	ITiCSE 2022 - Proceedings of the 27th ACM Conference on Innovation and Technology in Computer Science Education
Kustantaja	ACM
Sivut	75-81
Sivumäärä	7
ISBN (elektroninen)	978-1-4503-9201-3
DOI - pysyväislinkit	https://doi.org/10.1145/3502718.3524748
Tila	Julkaistu - 7 heinäk. 2022
OKM-julkaisutyyppi	A4 Artikkeli konferenssijulkaisussa
Tapahtuma	Annual Conference on Innovation and Technology in Computer Science Education - University College Dublin, Dublin, Irlanti Kesto: 8 heinäk. 2022 → 13 heinäk. 2022 Konferenssinumero: 27 https://iticse.acm.org/2022/

Julkaisusarja

Nimi	Annual Conference on Innovation and Technology in Computer Science Education, ITiCSE
Kustantaja	ACM
Vuosikerta	1
ISSN (painettu)	1942-647X

Conference

Conference	Annual Conference on Innovation and Technology in Computer Science Education
Lyhennettä	ITiCSE
Maa/Alue	Irlanti
Kaupunki	Dublin
Ajanjakso	08/07/2022 → 13/07/2022
www-osoite	https://iticse.acm.org/2022/

Pääsy asiakirjaan

10.1145/3502718.3524748

Exploring How Students Solve Open-ended AssignmentsFinal published version, 1,06 MB

Muut tiedostot ja linkit

Linkki julkaisuun Scopuksessa

Science-IT
Hakala, M. (Manager)
Perustieteiden korkeakoulu
Laitteistot/tilat: Facility

Siteeraa tätä

Koutcheme, C., Tilanterä, A., Peltonen, A., Hellas, A., & Haaranen, L. (2022). Exploring How Students Solve Open-ended Assignments: A Study of SQL Injection Attempts in a Cybersecurity Course. teoksessa ITiCSE 2022 - Proceedings of the 27th ACM Conference on Innovation and Technology in Computer Science Education (Sivut 75-81). (Annual Conference on Innovation and Technology in Computer Science Education, ITiCSE; Vuosikerta 1). ACM. https://doi.org/10.1145/3502718.3524748

Koutcheme, Charles ; Tilanterä, Artturi ; Peltonen, Aleksi et al. / Exploring How Students Solve Open-ended Assignments : A Study of SQL Injection Attempts in a Cybersecurity Course. ITiCSE 2022 - Proceedings of the 27th ACM Conference on Innovation and Technology in Computer Science Education. ACM, 2022. Sivut 75-81 (Annual Conference on Innovation and Technology in Computer Science Education, ITiCSE).

@inproceedings{8c30723919854b22bc69614b081815d8,

title = "Exploring How Students Solve Open-ended Assignments: A Study of SQL Injection Attempts in a Cybersecurity Course",

abstract = "Research into computing and learning how to program has been ongoing for decades. Commonly, this research has been focused on novice learners and the difficulties they encounter, especially during CS1. Cybersecurity is a critical aspect in computing - as a topic in university education as well as a core skill in the industry. In this study, we investigate how students solve open-ended assignments on a cybersecurity course offered to university students after two years of CS studies. Specifically, we looked at how students perform SQL injection attacks on an web application system, and study to what extent we can characterize the process in which they come up with successful injections. Our results show that there are distinguishable strategies used by individual students who seek to hack the system, where these approaches revolve around exploration and exploitation tactics. We also find evidence of learning due to a more pronounced use of exploitation in a subsequent similar assignment. ",

keywords = "database security, education, problem solving, sql injection",

author = "Charles Koutcheme and Artturi Tilanter{\"a} and Aleksi Peltonen and Arto Hellas and Lassi Haaranen",

note = "Publisher Copyright: {\textcopyright} 2022 ACM.; Annual Conference on Innovation and Technology in Computer Science Education, ITiCSE ; Conference date: 08-07-2022 Through 13-07-2022",

year = "2022",

month = jul,

day = "7",

doi = "10.1145/3502718.3524748",

language = "English",

series = "Annual Conference on Innovation and Technology in Computer Science Education, ITiCSE",

publisher = "ACM",

pages = "75--81",

booktitle = "ITiCSE 2022 - Proceedings of the 27th ACM Conference on Innovation and Technology in Computer Science Education",

address = "United States",

url = "https://iticse.acm.org/2022/",

}

Koutcheme, C, Tilanterä, A, Peltonen, A, Hellas, A & Haaranen, L 2022, Exploring How Students Solve Open-ended Assignments: A Study of SQL Injection Attempts in a Cybersecurity Course. julkaisussa ITiCSE 2022 - Proceedings of the 27th ACM Conference on Innovation and Technology in Computer Science Education. Annual Conference on Innovation and Technology in Computer Science Education, ITiCSE, Vuosikerta 1, ACM, Sivut 75-81, Annual Conference on Innovation and Technology in Computer Science Education, Dublin, Irlanti, 08/07/2022. https://doi.org/10.1145/3502718.3524748

Exploring How Students Solve Open-ended Assignments: A Study of SQL Injection Attempts in a Cybersecurity Course. / Koutcheme, Charles; Tilanterä, Artturi; Peltonen, Aleksi et al.
ITiCSE 2022 - Proceedings of the 27th ACM Conference on Innovation and Technology in Computer Science Education. ACM, 2022. s. 75-81 (Annual Conference on Innovation and Technology in Computer Science Education, ITiCSE; Vuosikerta 1).

Tutkimustuotos: Artikkeli kirjassa/konferenssijulkaisussa › Conference article in proceedings › Scientific › vertaisarvioitu

TY - GEN

T1 - Exploring How Students Solve Open-ended Assignments

T2 - Annual Conference on Innovation and Technology in Computer Science Education

AU - Koutcheme, Charles

AU - Tilanterä, Artturi

AU - Peltonen, Aleksi

AU - Hellas, Arto

AU - Haaranen, Lassi

N1 - Conference code: 27

PY - 2022/7/7

Y1 - 2022/7/7

N2 - Research into computing and learning how to program has been ongoing for decades. Commonly, this research has been focused on novice learners and the difficulties they encounter, especially during CS1. Cybersecurity is a critical aspect in computing - as a topic in university education as well as a core skill in the industry. In this study, we investigate how students solve open-ended assignments on a cybersecurity course offered to university students after two years of CS studies. Specifically, we looked at how students perform SQL injection attacks on an web application system, and study to what extent we can characterize the process in which they come up with successful injections. Our results show that there are distinguishable strategies used by individual students who seek to hack the system, where these approaches revolve around exploration and exploitation tactics. We also find evidence of learning due to a more pronounced use of exploitation in a subsequent similar assignment.

AB - Research into computing and learning how to program has been ongoing for decades. Commonly, this research has been focused on novice learners and the difficulties they encounter, especially during CS1. Cybersecurity is a critical aspect in computing - as a topic in university education as well as a core skill in the industry. In this study, we investigate how students solve open-ended assignments on a cybersecurity course offered to university students after two years of CS studies. Specifically, we looked at how students perform SQL injection attacks on an web application system, and study to what extent we can characterize the process in which they come up with successful injections. Our results show that there are distinguishable strategies used by individual students who seek to hack the system, where these approaches revolve around exploration and exploitation tactics. We also find evidence of learning due to a more pronounced use of exploitation in a subsequent similar assignment.

KW - database security

KW - education

KW - problem solving

KW - sql injection

UR - http://www.scopus.com/inward/record.url?scp=85134431640&partnerID=8YFLogxK

U2 - 10.1145/3502718.3524748

DO - 10.1145/3502718.3524748

M3 - Conference article in proceedings

AN - SCOPUS:85134431640

T3 - Annual Conference on Innovation and Technology in Computer Science Education, ITiCSE

SP - 75

EP - 81

BT - ITiCSE 2022 - Proceedings of the 27th ACM Conference on Innovation and Technology in Computer Science Education

PB - ACM

Y2 - 8 July 2022 through 13 July 2022

ER -

Koutcheme C, Tilanterä A, Peltonen A, Hellas A , Haaranen L. Exploring How Students Solve Open-ended Assignments: A Study of SQL Injection Attempts in a Cybersecurity Course. julkaisussa ITiCSE 2022 - Proceedings of the 27th ACM Conference on Innovation and Technology in Computer Science Education. ACM. 2022. s. 75-81. (Annual Conference on Innovation and Technology in Computer Science Education, ITiCSE). doi: 10.1145/3502718.3524748

Exploring How Students Solve Open-ended Assignments: A Study of SQL Injection Attempts in a Cybersecurity Course

Abstrakti

Julkaisusarja

Conference

Pääsy asiakirjaan

Muut tiedostot ja linkit

Sormenjälki

Laitteet

Science-IT

Siteeraa tätä