Northern Kentucky University
Creating a Security Application to be Exploited for Educational Hacking
Institution
Northern Kentucky University
Faculty Advisor/Mentor
Yi Hu
Abstract
As our dependency on technology continues to increase, so does the need for computer security. College courses focusing on computer security offer students insight into various techniques used by hackers to exploit computer systems and applications. An important aspect of learning about the various attacks and how to prevent them lies not only in knowledge of the attacks, but also in practice. Students can gain a deeper understanding of how attacks work and how to prevent them by becoming the “hacker.” To address this need, I am building an application that mimics a fully functional online bookstore but is purposefully designed to allow for exploitation that yields the kind of results a real “hacker” would seek. Through the use of this application, students are provided with an isolated environment in which to practice carrying out the various attacks that they are learning in class. Students will have various goals to work towards and will be awarded points based on the number of goals they are able to achieve. We argue that many existing mini security exercises, each of which targets a different application scenario, cannot provide the same experience and are not effective for learning the security concerns intertwined in an application. The purpose of this research application is to give students a holistic experience of exploiting different vulnerabilities in a single application and to let students learn the security concerns and impacts of security vulnerabilities in a real-world scenario.