Challenge-Based Learning in Web Security: Real-World Vulnerabilities in the Classroom

Előadó: Prof. Dr. Zlatko Čović, Subotica Tech-College of Applied Sciences, Subotica, Serbia

Időpont: 2025. október 9. 14:00 – 15:30

Helyszín: NJE GAMF Kar 4/315, 6000 Kecskemét, Izsáki út 10., https://goo.gl/maps/PBRD61j7JbsptAEq5

Az előadás tartalmából  

This lecture introduces Challenge-Based Learning (CBL) as an active learning approach in web security education. At Subotica Tech, CBL has been applied through hands-on challenges where students individually solve tasks, submit their code and explanatory reports, and later reflect on solutions in joint discussions. Through these challenges, students explore and mitigate real-world vulnerabilities such as SQL Injection, XSS, and CSRF in a controlled PHP environment, while practicing secure coding techniques. The assignments also integrate broader topics relevant to information security, including:

· Filtering and validating user input data
· Secure file uploads and user management
· Secure sessions, cookies, and API endpoints
· Cryptography and token-based authentication
· Web server and directory protection
· IoT and mobile application security
· Database hardening and SQL injection prevention
· Restricting unsafe dynamic function calls and analyzing metadata in media files

In the second part of the presentation, participants will have the opportunity to attempt solving selected tasks themselves, followed by a discussion of different solutions and approaches. The goal is to demonstrate how CBL can effectively engage learners while strengthening both technical knowledge and security awareness.

Az előadó
Zlatko Čović is coming from Subotica, Serbia and holds a PhD in Computer Science. He holds the position of college professor at Subotica Tech-College of Applied Sciences. At the same time, he also serves as Assistant Director for Public Relations and Students at Subotica Tech.