Title: Hands-On SQL Injection in the Classroom: Lessons Learned
SQL injections remain a serious security threat to applications using databases. In this experience paper, we report on teaching SQL injection hands-on using the EDURange platform in two different undergraduate courses, Web Development and Databases. We analyze the results from a voluntary survey with answers from 17 students who took the Web Development course and from 8 students who took the Database course. We focus our discussion around several lessons we learned, including the importance of guiding questions, covering unions and padding, and how to deal with the possibility of students adversely modifying the learning environment.
Award ID(s):
2216492
PAR ID:
10417342
Journal Name:
Journal of computing sciences in colleges
Volume:
38
Issue:
1
ISSN:
1937-4771
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. We analyze the submissions of 286 students as they solved Structured Query Language (SQL) homework assignments for an upper-level databases course. Databases and the ability to query them are becoming increasingly essential for not only computer scientists but also business professionals, scientists, and anyone who needs to make data-driven decisions. Despite the increasing importance of SQL and databases, little research has documented student difficulties in learning SQL. We replicate and extend prior studies of students' difficulties with learning SQL. Students worked on and submitted their homework through an online learning management system with support for autograding of code. Students received immediate feedback on the correctness of their solutions and had approximately a week to finish writing eight to ten queries. We categorized student submissions by the type of error, or lack thereof, that students made, and whether the student was eventually able to construct a correct query. Like prior work, we find that the majority of student mistakes are syntax errors. In contrast with the conclusions of prior work, we find that some students are never able to resolve these syntax errors to create valid queries. Additionally, we find that students struggle the most when they need to write SQL queries related to GROUP BY and correlated subqueries. We suggest implications for instruction and future research.
  2. SQL is a crucial language for managing relational database systems, and is an essential skill for individuals in roles such as researchers, developers, and business professionals who work with databases. However, learning SQL can be a challenge, presenting an opportunity to study the various methods students use to arrive at semantically equivalent SQL queries. In this study, we examined students’ SQL submissions to homework assignments in the Database Systems course offered to upper-level undergraduate and graduate students at the University of Illinois Urbana-Champaign during the Fall 2022 semester. Our goal was to understand how students arrive at SQL solutions and overcome challenges in the learning process by building on prior research on line chart visualizations that instructors can use to increase visibility on students who are struggling. However, a major limitation of this approach was the difficulty for instructors to sift through a large number of visuals representing each student’s performance on a SQL problem and generate action items at scale, especially when dealing with enrollments of over 700 students. To overcome this limitation, we developed a novel technique to generate textual representations of the student submission sequence using global sequence alignment scores and regular expression algorithms to further compact these submission sequences. This allows instructors to gain insights quickly, on an aggregate level, and in an automated manner, enabling them to identify students who may be struggling with SQL based on their submission sequence characteristics and take appropriate action to improve database education. Our study discovered common textual submission patterns and pattern elements, and we present our recommendations to instructors to improve database education based on these findings. 
  3. Structured Query Language (SQL), the standard language for relational database management systems, is an essential skill for software developers, data scientists, and professionals who need to interact with databases. SQL is highly structured and presents diverse ways for learners to acquire this skill. However, despite the significance of SQL to other related fields, little research has been done to understand how students learn SQL as they work on homework assignments. In this paper, we analyze students' SQL submissions to homework problems of the Database Systems course offered at the University of Illinois at Urbana-Champaign. For each student, we compute the Levenshtein Edit Distances between every submission and their final submission to understand how students reached their final solution and how they overcame any obstacles in their learning process. Our system visualizes the edit distances between students' submissions to a SQL problem, enabling instructors to identify interesting learning patterns and approaches. These findings will help instructors target their instruction in difficult SQL areas for the future and help students learn SQL more effectively.
  4. This study investigated patterns in the development of computational thinking practices in the context of the Exploring Computer Science (ECS) program, a high school introductory CS course and professional development program designed to foster deep engagement through equitable inquiry around CS concepts. Past research indicates that the personal relevance of the ECS experience influences students' expectancy-value towards computer science. Expectancy-value is a construct that is predictive of career choices. We extended our research to examine whether expectancy-value influences the development of computational thinking practices. This study took place in the context of two ECS implementation projects across two states. Twenty teachers, who implemented ECS in 2016–17, participated in the research. There were 906 students who completed beginning and end of year surveys and assessments. The surveys included demographic questions, a validated expectancy-value scale, and questions about students' course experiences. The assessments were developed and validated by SRI International as a companion to the ECS course. Overall, student performance statistically increased from pretest to posttest with effect size of 0.74. There were no statistically significant differences in performance by gender or race/ethnicity. These results are consistent with earlier findings that a personally relevant course experience positively influences students' expectancy for success. These results expanded on prior research by indicating that students' expectancy-value for computer science positively influenced student learning. 
  5. This paper documents the effects of an additive manufacturing course on two sets of students: (1) the undergraduates who took the course and (2) the middle and high school students who visited our labs. At the time of the conference, nine semesters of data (three years at three schools) will have been collected, as well as data from the middle and high school students who visited our labs. Overall, our research questions were: (1) what is the effect of this course on the content knowledge of (a) enrolled undergraduates and (b) middle and high school students? And (2) what is the effect of this course on the attitudes towards engineering and self-efficacy in engineering for (a) enrolled undergraduates and (b) middle and high school students? To determine the answers, our longitudinal matched-pairs data collection was conducted. In short, as measured by t-test, all students improved on content knowledge (p less than .01), but female students improved slightly more than male students (+9.89 versus +9.01, respectively). Undergraduates did not change their minds about the factors that are important in engineering, although they did significantly change their self-efficacy ratings in some skills because of the course. In particular, undergraduates rated themselves higher in teamwork, creativity, and technical skills, which reflect the content and focus of the course. Additionally, we brought multiple field trips of middle and high school students into our labs for outreach. Using a simplified version of the metric described above, we can see that all students improved on content knowledge. 