Singapore Polytechnic partners with YesWeHack to hold its first-ever bug bounty event

September 6, 2019

Students on their computer trying to hack

Singapore Polytechnic (SP) successfully concluded its first ever bug-bounty event, held in partnership with YesWeHack, Europe’s leading bug bounty platform.

The first-ever held by the institution, the workshop brought more than 30 second- and third-year students from the Diploma in Infocomm Security Management back to school from their vacation as they learnt the ins and outs of bug-bounty hunting.

The workshop began with a bug bounty crash course led by BitK, a renowned French security researcher, bug hunter and Tech Ambassador at YesWeHack.

After equipping them with highly specialised bug hunting skills, he led students in a live experience to discover vulnerabilities and bugs in two selected applications.

During the bug bounty hunt, the Singapore Polytechnic students found a total of nine critical vulnerabilities in the applications, and by the end of the workshop, one group successfully penetrated and gained full admin rights to one of the applications – impressive for the first timers!

Bug bounty programs are a growing industry best practice, implemented by both public and private sector organizations across multiple sectors in Singapore. With cyber-attacks growing in scale and complexity, bug bounty has been recognised by the Singapore Government as an initiative to strengthen collaboration with the cybersecurity community to safeguard systems and digital services.

Life-long learning plays a significant role in advancing Singapore’s digital defence mandate. Equipping and exposing future talents to the latest technologies and practices creates a highly-skilled and sustainable workforce, which is especially vital in the area of cybersecurity, which is fast evolving.

This is well in line with Singapore Polytechnic’s ongoing efforts to keep the Diploma in Infocomm Security Management (DISM) course relevant with industry demands. Through the bug bounty event, students gain the technical know-how to detect bugs that are generally difficult to find using normal tools or techniques. Moreover, the out-of-curriculum activity complements the lessons taught in the course by allowing students to apply their existing skills and knowledge to real-life situations.

“The bug bounty workshop was well-received with our students. At Singapore Polytechnic, we aim to equip our students with the latest knowledge and skills. We are confident that the bug-bounty session gave our Infocomm Security Management students an insight into the cybersecurity industry and we’re exploring the inclusion of bug bounty programmes as part of the curriculum in the diploma course,” said Samson Yeow, Course Chair, Diploma of Infocomm Security Management, Singapore Polytechnic.
“Throughout my education at Singapore Polytechnic, I’ve had the opportunity to attend cybersecurity events like Capture-The-Flag competitions, which has allowed me to learn new things and further enhance my skills. Bug-bounty is very different, you’re trying to exploit a real and live application. This raises the difficulty level and requires me to pick up new skills and knowledge that cannot be found in a school environment,” said Jonathan Tan, a Year 3 Infocomm Security Management student.
“Singapore Polytechnic is setting a great example by taking a bold move to explore bug bounty as part of its course module. As one of the first tertiary institutions in Singapore to equip students with industry-level bug-bounty skills, we are excited to partner with them to explore ways to further enhance the learning experience for their future talents,” said Kevin Gallerin, Managing Director, Asia Pacific, YesWeHack. “Ethical hacking will increasingly become a larger focus as organisations tackle the cybersecurity threat, and training needs to start from young.”