Web Application Security: Building an Offensive Testing Program with Cybersecurity Graduate Students

According to the 2022 Verizon Data Breach Investigations Report, 40% of all data breaches involved a web application attack. At the same time, hands-on web application security testing is resource-intensive and out of reach for many institutions on tight budgets, leaving many critical applications vulnerable to attack. Come learn about UC Berkeley’s innovative solution to this challenge, a partnership between the Information Security Office and the School of Information's Master of Information and Cybersecurity (MICS) Program, to provide offensive web application security testing services for campus business applications. Through their coursework, MICS students are authorized to launch attacks against real-world campus web applications. This invaluable learning strategy prepares them for cybersecurity careers while lowering our campus risk profile by providing actionable reports to campus application developers. During this session, we’ll cover all aspects of this program from inception to management and give you ideas for implementing a similar program at your institution.