HackerOne, the number one hacker-powered pentesting and bug bounty platform, today announced the successful conclusion of its bug bounty challenge with the National University of Singapore (NUS). NUS is the first university in Singapore to actively incentivize its own students to hone their hacking skills through a bug bounty challenge. A bug bounty challenge is used by organizations to incentivize ethical hackers to look for software vulnerabilities in exchange for a monetary rewards or ‘bounties’ in return for the disclosed vulnerabilities or ‘bugs’. The initiative is part of NUS’ forward-thinking approach to both securing its infrastructure and bridging the cybersecurity skills gap by building students’ practical cybersecurity skills.
During the NUS’ three-week hacking challenge in August 2019, more than 200 students participated, hunting for security vulnerabilities in NUS’ digital infrastructure. Bounties ranged from US$100 for lower severity vulnerabilities to US$1,500 for critical ones. Overall, 13 valid vulnerabilities were safely reported by students with US$4,550 awarded in total. Participating students were also eligible to earn extra academic credits for select course modules on the completion of the training sessions.
Prior to the launch of the bug bounty challenge, students were equipped with comprehensive training from HackerOne’s dedicated web security training platform, Hacker101. Hacker101 offers webinars, lectures and online training exercises. This is the second time HackerOne has partnered with a university to empower students to secure their school. In 2017, the University of Berkeley in the U.S. enrolled in an experimental “cyberwar” course, powered by HackerOne. HackerOne continues to invest in the next generation of hackers, partnering with community groups and educators to ensure the internet of the future is a safer place.
“By allowing our students to hack our own applications, we are breaking conventional and conservative notions, and offering students the unique experience of hacking on production systems. said Tommy Hor, Chief Information Technology Officer at NUS. “It is not possible to be ‘100% safe’ in cybersecurity. Therefore, we adopt a proactive and predictive approach to cybersecurity and the bug bounty challenge is a great example of this. In this case, participating students are given the opportunity to search for vulnerabilities in the systems and applications they are already familiar with because of regular usage. This complements the regular vulnerability scanning and penetration testing performed by our staff. Collectively, these efforts help us to identify and remediate security vulnerabilities before they can be exploited by malicious threat actors.”
“The bug bounty program provides a great opportunity for us to put our technical skills to the test to find bugs in high-value web applications,” said Ngo Wei Ling, a Year 2 undergraduate from NUS School of Computing who participated and won a bounty.
Another winner, Ahn Tae Gyu, a Year 3 undergraduate from NUS School of Computing, adds, “We carried out reconnaissance and active enumeration, which enabled us to uncover vulnerable systems and web pages, in which we were able to discover hidden security bugs. This process provided us with the understanding of how web servers in production mode are configured and it is commendable that NUS is aiming to resolve security bugs before malicious attackers are able to exploit them by fostering responsible disclosure.”
“Hacker powered security is the most effective way to find vulnerabilities before they can be exploited,” said Laurie Mercer, Security Engineer at HackerOne. “I wish I had the chance to contribute to the security of my university when I was an undergraduate. The bugs the NUS students found, including critical reports, show that they have the skills that are needed to create a safer internet. I am excited to see what they can accomplish in the future!”
NUS plans to make the hacking challenge an annual event, and in 2020, it expects to expand the scope of applications to be tested and to reach out to more participants.
HackerOne is the #1 hacker-powered pentest & bug bounty platform, helping organizations find and fix critical vulnerabilities before they can be exploited. More Fortune 500 and Forbes Global 1000 companies trust HackerOne than any other hacker-powered security alternative. The U.S. Department of Defense, General Motors, Google, Twitter, GitHub, Nintendo, Lufthansa, Microsoft, MINDEF Singapore, Panasonic Avionics, Qualcomm, Starbucks, Dropbox, Intel, the CERT Coordination Center and over 1,500 other organizations have partnered with HackerOne to find over 130,000 vulnerabilities and award over $65M in bug bounties. HackerOne is headquartered in San Francisco with offices in London, New York, the Netherlands, France and Singapore.
About National University of Singapore
The National University of Singapore (NUS) is Singapore’s flagship university, which offers a global approach to education, research and entrepreneurship, with a focus on Asian perspectives and expertise. We have 17 faculties across three campuses in Singapore, as well as 12 NUS Overseas Colleges across the world. Close to 40,000 students from 100 countries enrich our vibrant and diverse campus community.
Our multidisciplinary and real-world approach to education, research and entrepreneurship enables us to work closely with industry, governments and academia to address crucial and complex issues relevant to Asia and the world. Researchers in our faculties, 29 university-level research institutes, research centres of excellence and corporate labs focus on themes that include energy, environmental and urban sustainability; treatment and prevention of diseases common among Asians; active ageing; advanced materials; as well as risk management and resilience of financial systems. Our latest research focus is on the use of data science, operations research and cybersecurity to support Singapore’s Smart Nation initiative.
For more information on NUS, please visit www.nus.edu.sg.