Web Application Security Testing


The Information Security Office has partnered with the School of Information's (I School) Master of Information and Cybersecurity (MICS) Program to offer web application security testing of UC Berkeley web applications by MICS students.

Detecting vulnerabilities in web applications can often be resource and time intensive and direct experience in testing is an invaluable learning strategy to prepare our students for today’s digital environment while concurrently lowering our risk profile across campus.  

We are currently accepting applications for future semesters.

How the Program Works

MICS instructor will teach a course on web application security testing and lead testing of approved UC Berkeley web applications by MICS students. 

  • This service is offered for free to campus web apps.
  • Testing will initially focus on web applications handling P4 and P3 data; however, all UC Berkeley web applications are encouraged to apply. All One IT departments will be invited to participate. Application admins will liaise with the MICS course to explain their application and plan for testing (QA/Test environment, credentials, scoping, etc.). Estimated two to four hours per semester time commitment.

  • Students will write reports for any discovered vulnerabilities, allowing application admins to fix previously undiscovered security flaws in their apps.

  • Students will test an average of three web applications per semester.

Benefits of the Program

  • Participation in the program satisfies MSSEI 6.3, the campus requirement for application security testing of UCB web apps handling P4 data or managing critical IT Resources. P4 web applications that do not currently have a solution such as third-party application security testing are strongly encouraged to apply to this program to satisfy MSSEI 6.3.

  • Much more cost effective than 3rd party testing services.

  • Strengthens the partnership between One IT and the campus community.

  • Students will develop and use offensive security skills against real-world web applications while receiving course credit.

  • Students will receive attribution for finding vulnerabilities by ISO that they can use to further their careers in cybersecurity.

  • Students and staff are able to participate in the public good of helping the University and protecting Institutional Information & IT Resources.

How to Apply