For the first time an Database Security & Management (DSM) assignment has taken the form of an exciting mini-tournament!
A class is split into groups of 4 to 5 students, and each team was given an unprotected database/web server image which they have to beef it up by hardening the operating system and database configurations.
After the initial setup teams will then commence on attacking on others' live server through exploitation methods and techniques such as Structured Query Language Injection. Points are awarded based on how much data a team manages to read or write into other databases, and additional bonus is awarded to anyone who can gain full control of another's server.
In the end there will also be a presentation session for participating teams to share with each other their attempts, approaches, achievements, learnings and reflections during the competition.
Competition begins!
A little collaboration between teams? Or is it social engineering?
Classmates ... why you hack me?!