Students in Singapore won big when they took on the role of “student hackers,” hacking into their own university after finding weak points in network security.
The students attend the National University of Singapore, which used a “bug bounty challenge” to motivate students to hone their hacking skills as part of a larger approach to securing its infrastructure and bridging the cybersecurity skills gap by building students’ practical cybersecurity skills.
A bug bounty challenge incentivizes ethical hackers to look for software vulnerabilities in exchange for a monetary reward or “bounties” in return for the disclosed vulnerabilities or “bugs.”
Related content: New trend sees evolution of higher-ed hackathon
The bug bounty challenge was sponsored by HackerOne. Prior to the challenge launch, students were equipped with comprehensive training from HackerOne’s dedicated web security training platform, Hacker101. Hacker101 offers webinars, lectures and online training exercises. This is the second time HackerOne has partnered with a university to empower students to secure their school. In 2017, the University of Berkeley in the U.S. enrolled in an experimental “cyberwar” course, powered by HackerOne. HackerOne continues to invest in the next generation of hackers, partnering with community groups and educators to ensure the internet of the future is a safer place.
During the NUS’ three-week hacking challenge in August 2019, more than 200 students participated, hunting for security vulnerabilities in NUS’ digital infrastructure. Bounties ranged from $100 for lower-severity vulnerabilities to $1,500 for critical ones. Overall, 13 valid vulnerabilities were safely reported by students, with $4,550 awarded in total. Participating students were also eligible to earn extra academic credits for select course modules on the completion of the training sessions.