30 September 2019 – Six NUS Computing undergraduate and Masters students were named award winners at the recent NUS Bug Bounty Challenge held from 14 to 26 August this year. The students made up two-thirds of the total number of winners – nine NUS students were awarded cash prizes for their discoveries.
More than 200 NUS students participated in the three-week challenge held in August. Students were taught the skills needed to find security vulnerabilities and were subsequently challenged to hunt for vulnerabilities in NUS’s digital infrastructure. This is the first time a local university in Singapore has hosted a bug bounty challenge to secure its infrastructure and encourage students to build and sharpen their cybersecurity skills.
Third year Information Security student Ahn Taegyu took home the biggest cash prize after finding four vulnerabilities in the system. He won a total of $1,500 for his discoveries. “The bug bounty programme was a great opportunity for students like myself to put our technical skills to the test and attempt to find bugs in high-value web applications,” said Tae Gyu. “Through this challenge, students like myself get a better understanding of how web servers are configured.”
The other NUS Computing winners include second-year Information Security student Ngo Wei Lin, third-year Computer Science student Koh Zheng Wei, first-year Computer Engineering student Kingston Kuan, and Master’s in Infocomm Security students Marilyn Chua and Liu Su.
“It was a refreshing experience to have participated in the bug bounty challenge as it provided me the platform to apply what I have learnt academically into a real world scenario,” said third-year Computer Science student Zheng Wei. “Through this challenge, I am reminded that not everything in the cyber domain is well protected and that vulnerabilities will still fall through the loop even if there are many security policies in place. The vulnerabilities I found have also serve as reminder for me to not make such errors when I am programming.”
NUS Computing Bug Bounty Winners
- Ahn Taegyu (Information Security, Year 3) – two high severity vulnerabilities and two medium severity vulnerabilities
- Ngo Wei Lin (Information Security, Year 2) – two medium severity vulnerabilities
- Koh Zheng Wei (Computer Science, Year 3) – one medium severity vulnerability
- Marilyn Chua (Master’s in Infocomm Security) – one medium severity vulnerability
- Kingston Kuan (Computer Engineering, Year 1) – one low severity vulnerability
- Liu Su (Master’s in Infocomm Security) – one low severity vulnerability
Yahoo! Finance, 5 September 2019