Securing the Stack: Bridging SQL Injection Defense and Ethical Responsibility in Cybersecurity Education

Despite widespread awareness of SQL injection (SQLi) vulnerabilities and well-documented countermeasures, SQLi remains a persistent threat in modern web applications. This paper argues that the continued prevalence of SQLi reflects not just technical shortcomings, but deeper sociotechnical failures in how secure coding is taught and practiced. Drawing on both cybersecurity education literature and Science and Technology Studies (STS), this research introduces an experiential educational module designed to bridge the gap between theoretical knowledge and practical application. The module integrates hands-on attack simulations, secure coding exercises, sociotechnical case studies, machine learning tools, and reflective inquiry. By situating technical training within real-world organizational constraints, the module helps learners understand both how to prevent SQLi and why such defenses often go unimplemented. Though not empirically validated, the module’s design reflects best practices in experiential learning and offers a scalable framework for improving cybersecurity education. The project reframes SQLi not merely as a coding flaw, but as a systemic challenge—one requiring both technical fluency and ethical awareness.