A new class at the University of California, Berkeley, is training students to hack.
The class, called Cyberwar, teaches its 80 students how to find security flaws in the apps and websites people use every day.
“I mostly focused on government websites, specifically voter registration websites,” said Vy-An Phan, a junior studying electrical engineering and computer science who’s enrolled in the class.
During class assignments, she discovered vulnerabilities in at least five sites that could potentially be used to trick someone into registering incorrectly.
“What I found was state websites and local websites were usually extremely poorly run,” she told CNN Tech. “If I can find [bugs], certainly someone else can.”
Twice a week, students pour into Berkeley’s Hewlett Packard auditorium to learn how nation-state actors and cybercriminals hack into computer systems. By learning their methods, they can learn to try and stop them.
In addition to government sites, students have also uncovered vulnerabilities in various apps, including from one a bank and shopping sites. One student made $100 after reporting a bug to the company.
Doug Tygar, the computer science professor who teaches the class, calls it an experiment.
“The goal is to train students to build super secure systems,” Tygar told CNN Tech after a class. “But in order to do that, they have to be able to think like a hacker.”
The class works with HackerOne, a hacker-for-hire platform. Every bug a student finds is reported to the company or organization where it was found. Companies on the HackerOne platform pay hackers who find bugs in their systems. Most students target the companies that use the platform.
Students also hear lectures and attend events hosted in partnership with HackerOne to learn from professional hackers.
“Unless you have the skill of being able to think like a hacker, you’re not going to be able to build secure systems,” Tygar said.
The Cyberwar class won’t be offered next semester, but Tygar plans to teach it again in the future. And he intends to change the name.
Meanwhile, Ted Kramer, chief of staff at HackerOne, said the company wants to bring the program to more campuses.
The class could help prepare students for future employment. According to a report from Cybersecurity Ventures, there will be 3.5 million unfilled cybersecurity jobs worldwide by 2021.
Phan ultimately wants a job in security testing to help companies keep apps, websites and infrastructure secure.
“I find it much more rewarding than being a developer,” she said.