Youssef Sammouda
Script error: No such module "Draft topics".
Script error: No such module "AfC topic".
Youssef Sammouda | |
---|---|
Born | April 24, 1999 Sousse, Tunisia |
🏳️ Nationality | Tunisian |
🏫 Education | Université du Québec à Montréal (UQAM) (dropped out) |
💼 Occupation | Cyber Security Researcher and Consultant, Bug Bounty Hunter |
🌐 Website | https://ysamm.com |
Youssef Sammouda (a.k.a samm0uda[1]) (born April 24, 1999) is a Tunisian[2] cyber security researcher and bug bounty hunter. He is best known for his contributions to web application security through participation in bug bounty programs, most notably finding multiple vulnerabilities in Meta/Facebook that could have allowed malicious actors to hack Facebook user's accounts.[3][4] Youssef learned programming when he was 12[5] and at age 17, he started his bug bounty hunting journey and managed to get his name listed in Meta/Facebook Bug bounty program's hall of fame page for 6 years from 2017 to 2022 and get ranked first place in the same program for 4 years straight.[6]
Youssef has a cyber security blog "ysamm.com"[7] which uses it to share his work. He published more that 70 articles and write-ups explaining the vulnerabilities he found in Meta/Facebook products. In 2019, Youssef identified a critical security vulnerability affecting Facebook.com which allowed him to exfiltrate information like user's private information and internal infrastructure data, according to Meta/Facebook and was awarded $65000 for reporting this vulnerability.[8] In 2021, Youssef discovered a series of critical vulnerabilities in Facebook Canvas App Product which were addressed and fixed by Meta/Facebook and got him rewarded a $187,250 bug bounty[9]. In 2022, he managed to find another critical vulnerability that allowed him to takeover Facebook accounts registered with Gmail email addresses[10]
Biography[edit]
Youssef grew up in Sousse, Tunisia and attended Hammam-Sousse High School. Youssef went to the UQAM University in Montreal to pursue a bachelor degree in Computer Engineering but he dropped out to focus on web development and doing security assessments.[11] [12]
Publications and articles[edit]
- Youssef Sammouda's Blog
- How Meta and the security industry collaborate to secure the internet
- How to Hack Facebook Accounts? Just Ask Your Targets to Open a Link
- Facebook Awarded $25000 Bounty For Reporting a CSRF Vulnerability
- Password Bypass Vulnerability In Facebooks’ “Download Your Information” Feature
- Facebook paid a $25,000 bounty for a critical cross-site request forgery (CSRF) vulnerability
- Critical CSRF Vulnerability on Facebook
- Oculus, Facebook account takeovers net security researcher $30,000 bug bounty
- Facebook pays out $25k bug bounty for chained DOM-based XSS
- Interview with a bug bounty hunter: Youssef Sammouda
- Fresh flaws in Facebook Canvas earn bug bounty hunter a second payday
- Gmail-linked Facebook accounts vulnerable to attack using a chain of bugs—now fixed
References[edit]
- ↑ "Youssef's Twitter Account".
- ↑ "Youssef Sammouda LinkedIn Profile".
- ↑ "Oculus, Facebook account takeovers net security researcher $30,000 bug bounty".
- ↑ "Facebook pays out $25k bug bounty for chained DOM-based XSS".
- ↑ "Interview with a bug bounty hunter: Youssef Sammouda".
- ↑ "Meta Whitehat Thanks Page".
- ↑ "Youssef Sammouda's Blog".
- ↑ "A Look Back at 2019 Bug Bounty Highlights".
- ↑ "How Meta and the security industry collaborate to secure the internet".
- ↑ "Gmail-linked Facebook accounts vulnerable to attack using a chain of bugs—now fixed".
- ↑ "Youssef Sammouda LinkedIn Profile".
- ↑ "Interview with a bug bounty hunter: Youssef Sammouda".
This article "Youssef Sammouda" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:Youssef Sammouda. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.