photo by: Joselyn King

West Virginia Northern Community College student Grant Kent demonstrates the “Bank The Bank” application designed to help teach students about secure coding practices and to understand the mindset of a hacker.

WHEELING — There are students at West Virginia Northern Community College who are certified to legally hack into online computer programs.

That expertise permits them to not just create a computer program, but to also tear one down to expose its vulnerabilities through “ethical web hacking.”

Six students teamed up to design a program called “Break The Bank” with the goal of helping future students and others learn the psychology behind computer programming, and how to get into the mind of a hacker.

Their project features a simulated and purposely vulnerable banking website to help learners explore secure coding practices and adopt a hacker’s mindset to better defend against cyber threats.

It was unveiled Friday during the Student Showcase Symposium at WVNCC.

“Break The Bank” is a website developed in-house at WVNCC as a testing ground for ethical web hacking. It was designed to mimic the bank apps used by much of the population, but purposely contains serious bugs that could be exploited by even a novice attacker, the project’s narrative states.

Students working on “Break The Bank” were Angela Ackerman, Sean Lauritzen, Kevin Hoge, Grant Kent, Wyatt McNeil and Josephine Poulin.

The group was composed of some students with expertise in cybertechnology, and others with knowledge of software development, Kent explained.

He added that among his certifications is one licensing him to do pen testing, or conduct simulated cyberattacks to assess the security of a system or network. He is set to graduate from WVNCC this month.

“Companies actually hire you to come in and tell them what is vulnerable and what’s not, and how to secure it,” Kent said.

The program created by the WVNCC students can be used by both the novice and the expert at computer program testing.

“I tested it at my level, and I ran up and down the website. I had a blast,” Kent said. “For people who have no experience, of course it is designed for them to go in and pen test.”

What the tester typically is looking for are vulnerabilities during the logging-in to the website, or cross site scripting — which tricks the website into sending a malicious code into the victim’s web browser.

Vikram Tugali, program director and assistant professor of computer information technology at West Virginia Northern Community College, explained his classes teach students the basics of what is inside a computer.

“As they move along, with the two-year cybersecurity program, they can obtain micro-credentials,” he explained. “We have eight to nine classes that allow them to get those credentials.

“The reason this is important is that I am getting a lot of students from high school. These students might not have computer literacy skills, so it is our responsibility to help them learn the best way that we can.”

There are programs similar to “Break the Bank” that are used in classrooms, but they cost as much as $20 per student, Tugali noted.

The in-house “Break The Bank” now will be used by future WVNCC students, and the money spent before will be put toward other educational offerings, he said.