Towson University is creating new opportunities to ensure its computer science students are ready to lead in the growing world of cybersecurity.

This past summer, the Office of Undergraduate Research and the Jess and Mildred Fisher College of Science and Mathematics teamed up to launch Course-Based Undergraduate Research Experiences (CURE), an “in-house” summer research program designed to give students high-level experience without relying on federal grants.

Over five weeks, nine students participated in the Cyber CURE summer research experience, guided by Bassam Zahran, clinical assistant professor in the Department of Computer and Information Sciences. The program, which was also through a partnership with TU's Center for Interdisciplinary & Innovative Cybersecurity (Cyber4All), had simple but ambitious : to help students understand that research isn’t just about learning facts — it’s about learning how to think.

“As a research university we want to make you think, not just memorize,” Zahran says. “If we focus on that research part, we can teach them how to be thinkers, how to be creative, how to add to the world rather than just receive and deliver.

“We want our students to step forward to being a leader and an innovator.”

Computer Science Senior, Cory Burns

Cyber Security Advice

Phishing 

"Not looking at the sender’s email address or for spelling mistakes in the email body and clicking links included in the body is the easiest way to get malware attached to your device." — Cory Burns '26

Cutting-edge research on cyber defense

At the start of the program, Zahran challenged students to explore a topic they knew little about. He chose SQL injections (SQLi) — a common and dangerous hacking method that exploits weaknesses in an application’s database security.

SQLi attacks can expose or destroy data, change account balances or even give hackers administrative control of a database. For Zahran, it was the perfect topic to explore the real-world stakes of cyber defense.

“No business on earth can survive without having a database system,” Zahran says about why he chose this topic. “How to protect the database, your first line of defense is to protect against SQL injections because it’s a way to access your information, your database from outside. So how to stop that, this is a good technical skill to learn and apply.”

Hands-on learning in digital safety

Towson University senior Cory Burns does cyber security research in one of TU's cyber lab

Among the students was Cory Burns, a senior information technology major from Hagerstown, Maryland. Burns, who had taken one of Zahran’s spring classes, jumped at the opportunity to conduct research that could make an impact in the cybersecurity field.

“The idea of making a difference in the field of technology is what drove my decision to join the CURE program,” Burns says. “Starting out was a bit scary because of the timeline that we had to complete this, with all deliverables completed by the deadline of the program. Afterward, however, it became clear that this was a great opportunity to learn something new and network with those who think about similar technologies.”

Throughout the five weeks, students divided into small teams, learned Python, experimented with machine learning algorithms, and analyzed data to identify SQLi attack patterns. They presented their findings to faculty and local cybersecurity professionals.

Projects included:

  • Click, Publish...Exploit? The Lingering Threats to CMS Security
  • Comparative Evaluation of Machine Learning Models for SQL Injection Patterns
  • Behind the Breach: Unmasking the Patterns of SQL Injection Attacks

Beyond technical skills, Burns says the experience taught him the value of professional collaboration.

“I developed an enhanced insight into networking with other students and the professors that also conduct research in their own time,” Burns says. “Learning how to network as a student who is about to graduate is a crucial skill to have.”

TU Senior Computer Science major Equara Kahn

Cyber Security Advice 

Digital Safety 

"When you see that a website is not protected, if they don’t ask you to accept cookies, then don’t indulge. And always update your passwords, and make sure to never use the same passwords." — Equara Kahn '26

Subject matter experts in computer security

Unlike his typical classes, Zahran took a step back during the CURE project. His goal was to let students take full ownership of their research — to move from following instructions to discovering answers.

He compares the experience to learning to swim, in that once you learn you never forget.

“The best thing about this is the whole cure experience is they started not knowing anything about this topic, and then after five weeks, stop any one of the nine students and ask them about SQL injection. And you won’t be able to get rid of them,” Zahran laughs. “They will talk forever. That’s my greatest achievement, seeing that spark in their eyes.”

By the end of the program, they were explaining complex cyber vulnerabilities with confidence. They had become, as Zahran puts it, “subject matter experts.”

If we focus on that research part, we can teach them (students) to be thinkers, how to be creative, how to add to the world rather than just receive and deliver. We want our students to step forward to being a leader and an innovator.

Bassam Zahran

That’s exactly the type of transformation TU aims to provide through its CUREs programs, the ability to give students real-world experience while developing critical thinking and problem-solving skills that translate directly into the workforce.

Equara Kahn, a senior computer science major from Mumbai, India, says that having this experience not only allowed her to understand the topic more, having research on her resume is going to lead to more employment opportunities when she graduates.

“It’s such a big break for computer science students because having it on our resumes is such a big thing for us,” Kahn says. “I personally felt that once I added it to my resume, I got a lot more interest from recruiters, who were impressed with the work I’m doing 鶹ɫ."