Yassine ABOUKIR

Web App Security Consultant & ISCAEist


  • Reddit Whitehat Trophy

    Received Reddit whitehat trophy for managing to bypass redirection protection.

  • Alibaba Hall of fame

    Listed among other security researchers in the Alibaba hall of fame.

  • Medium Whitehat

    Listed in the Medium.com whitehat list as a token of appreciation for helping with their security.

  • Angel.co Thanks

    Listed in the Angel.co hall of fame.

  • Prezi reward

    Rewarded by the Prezi security team as a token of appreciation for reporting a security regression.

  • Jumplead Hall of Fame

    Responsibly disclosed multiple security vulnerabilities to Jumplead.

  • Schubergphilis Acknowledgment

    Discovered a critical header injection vulnerability in Schubergphilis.com.

  • AT&T Acknowledgment

    Acknowledged by AT&T for reporting an XSS flaw to them: http://goo.gl/C7Kg2F

  • OpenText Acknowledgment

    Security acknowledgment from OpenText for reporting an XSS vulnerability in one of their products. http://goo.gl/XGlaOK

  • ESET Acknowledgment

    I received an acknowledgment certificate from ESET for reporting an open redirection vulnerability to them.

  • Facebook Hall Of Fame

    I have got a Facebook acknowledgment for responsibly disclosing an open redirection vulnerability to them: http://goo.gl/PM9v45

  • PunBB 1.4.2 : Full penetration testing

    I was hired by Informer Technologies to perform a penetration test of the web application PunBB v1.4.2, a lightweight PHP-based internet discussion board system.

  • InvisionApp Hall Of Fame

    InvisionApp.com was suffering from a security vulnerability related to session management.

  • Sony Hall Of Fame

    Sony’s server was suffering from an SSL-related security vulnerability. I was acknowledged for contributing to the improvement of the security of their product.

  • Openfolio Hall Of Fame

    Openfolio acknowledged my name in their hall of fame for responsibly reporting a security flaw to them.

  • Wepay Hall Of Fame

    I am listed in Wepay’s hall of fame for reporting a critical vulnerability: CSRF Countermeasure Bypass. See: https://hackerone.com/wepay/thanks

  • Twitter Hall Of Fame

    Twitter acknowledged my name in their hall of fame for helping them improve the security of their services by reporting critical security flaws: https://hackerone.com/twitter/thanks

  • Microsoft Hall Of Fame

    The Microsoft Security Response Center (MSRC) recognized me for helping to make Microsoft online services safer by finding and reporting security vulnerabilities http://technet.microsoft.com/en-us/security/cc308589.aspx

  • Humblebundle.com Hall Of Fame

    Listed in the HumbleBundle.com Hall Of Fame for reporting a sensitive data leaking vulnerability: https://bugcrowd.com/humblebundle/hall-of-fame

  • Squareup.com Hall Of Fame

    Listed in the Squareup.com Hall Of Fame among other security researchers for reporting a sensitive data leaking bug to them.

  • CMS Developer

    I am a skilled WordPress developer impressed by the CMS’s performance. I worked on many websites, but unfortunately I do not have screenshots of them because they have all now expired.

  • Author of many exploits

    I am the author of multiple vulnerabilities found in different web applications, which have been disclosed after notifying the vendors about them. For more details you can browse my profile on Exploit Database: http://www.exploit-db.com/author/?a=3311

  • Router Sagem Fast 3304-V2

    An authentication bypass vulnerability was found in Sagem’s routers, which are largely distributed in Morocco by Maroc Telecom for its ADSL subscribers. More details: http://goo.gl/uPjSHu PoC video: http://goo.gl/gz1CF0

  • GoFundMe Vulnerabilities

    I have discovered multiple vulnerabilities in the first crowdfunding platform in the world. As a token of appreciation, I was given monetary compensation.

  • MediaFire Certificate

    I came across a critical vulnerability in the password reset section. As compensation, I was given a certificate to attest to my discovery. You can download it from http://goo.gl/8ZQdnZ

  • Yahoo! Acknowledgment

    I have found a critical security issue in Yahoo’s website that would allow any attacker to reset the poll’s votes.