The first-ever held by the institution, the workshop brought more than 30 second- and third-year students from the Diploma in Infocomm Security Management back to school from their vacation as they learnt the ins and outs of bug-bounty hunting.
The workshop began with a bug bounty crash course led by BitK, a renowned French security researcher, bug hunter and Tech Ambassador at YesWeHack.
After equipping them with highly specialised bug hunting skills, he led students in a live experience to discover vulnerabilities and bugs in two selected applications.
During the bug bounty hunt, the Singapore Polytechnic students found a total of nine critical vulnerabilities in the applications, and by the end of the workshop, one group successfully penetrated and gained full admin rights to one of the applications – impressive for the first timers!
Bug bounty programs are a growing industry best practice, implemented by both public and private sector organizations across multiple sectors in Singapore. With cyber-attacks growing in scale and complexity, bug bounty has been recognised by the Singapore Government as an initiative to strengthen collaboration with the cybersecurity community to safeguard systems and digital services.
Life-long learning plays a significant role in advancing Singapore’s digital defence mandate. Equipping and exposing future talents to the latest technologies and practices creates a highly-skilled and sustainable workforce, which is especially vital in the area of cybersecurity, which is fast evolving.
This is well in line with Singapore Polytechnic’s ongoing efforts to keep the Diploma in Infocomm Security Management (DISM) course relevant with industry demands. Through the bug bounty event, students gain the technical know-how to detect bugs that are generally difficult to find using normal tools or techniques. Moreover, the out-of-curriculum activity complements the lessons taught in the course by allowing students to apply their existing skills and knowledge to real-life situations.