A web application security testing course created by the UC Berkeley Information Security team, in partnership with the School of Information’s Master of Information and Cybersecurity Program, is receiving industry awards and acknowledgment.
Through the UC Berkeley program, graduate students from the School of Information’s Master of Information and Cybersecurity Program gain exposure to app security testing, focusing on both the technical and business processes. This allows the UC Berkeley Information Security team to provide testing for approximately nine critical apps per year, at a cost of a little over $7,000 — considerably cheaper than the average range of costs reported by NetworkAssured.
To create the program, organizers worked with UC Berkeley legal and policy teams to create a student code of conduct, and with IT service teams to create a virtual machine environment in which students could conduct testing. They also partnered with PortSwigger, a vendor that provided free software licenses for its web attack proxy tool, Burp Suite Professional. This partnership allowed the program to save nearly $7,000 in annual costs.
Over four semesters, students have tested 12 applications built on various application stacks (e.g., PHP, Java). They discovered 123 flaws, demonstrating the effectiveness of the instruction.
The Web Application Security Testing program was selected as an exemplar for the 2024 EDUCAUSE Horizon Report | Teaching and Learning Edition; was a finalist for the 2023 Gartner Eye on Innovation Award for Education; and received the 2023 California College Personnel Association Outstanding Use of Technology Award.
The Web Application Security Testing Program at Berkeley continues to thrive and has plans to extend testing services to other UC campuses.
Congratulations to the following team members:
- Josh Kwan (Information Security Analyst, ISO) – Staff
- Jennia Hizver (Course Instructor, MICS) – Faculty
- Lisa Ho (Academic Director, MICS) – Faculty
- Blaine Isbelle (Windows Operations & Services Manager, bIT) – Staff
- Liv Hassett (Associate Campus Counsel, Legal) – Staff
- Allison Henry (CISO) – Staff
- Charron Andrus (Associate CISO) – Staff
- Julie Goldstein (Info Sec Policy Program Manager, ISO) – Staff
- John Ives (Information Security Analyst, ISO) – Staff
- Mike Jones (Information Security Analyst, ISO) – Staff
- Jonathon Taylor (Systems Administrator, ISO) – Staff
- Erica Ching (Information Security Analyst, ISO) – Staff
For questions, contact Charron Andrus.