SQL Injection: A Demonstration and Implications for Accounting Students

Authors

David Henderson, University of Mary Washington
Michael Lapke
Christopher Garcia, University of Mary WashingtonFollow

Document Type

Article

Digital Object Identifier (DOI)

10.3194/1935-8156-11.1.1

Journal Title

AIS Educator Journal

Publication Date

2016

Abstract

The purpose of this paper is to present a pedagogical case that demonstrates how a prevalent cybersecurity threat, SQL Injection (SQLi), operates. Prompted by questions from students such as: “How do cybersecurity threats work?” and “What specific actions can organizations take to mitigate cybersecurity threats?”, this paper demonstrates the technical inner-working of SQLi. Students first answer background questions on SQLi and then simulate SQLi in both a Microsoft Access and web-based environment.

Comments

Additional issues of the AIS Educator Journal can be viewed at: https://meridian.allenpress.com/aisej/issue.

Publisher Statement

The AIS Educator Association sponsors the AIS Educator Journal, a peer-reviewed outlet for scholarship that benefits accounting information systems (AIS) education. The AIS Educator Journal is online and open access (freely available to the public).

© 2016 AIS Educator Association

Recommended Citation

Henderson, David, Michael Lapke, and Christopher Garcia. 2016. “SQL Injection: A Demonstration and Implications for Accounting Students.” AIS Educator Journal 11 (1): 1–8. https://doi.org/10.3194/1935-8156-11.1.1.