About
I began my hacking journey back in 2013 when I was just 15 when I discovered hacking, driven by my passion for spotting vulnerabilities. Now at 27, I’m a cybersecurity professional with over 8 years of experience. I’ve reported vulnerabilities for industry leaders like Apple, Google, Microsoft, The U.S. Department of Defense, and The Government of Singapore. With over 200 companies acknowledging my findings, I specialize in web, mobile, and API security testing. I'm an active bug bounty participant on Bugcrowd and HackerOne, With a passion for security and past speaking engagements at local and international universities on Bug Bounty, as well as conferences like BlackHat MEA, I’m dedicated to securing global technologies and advancing cybersecurity.
Skills
Work Experience
Certifications and Trainings
Bugcrowd Statistics
Muhammad Khizer Javed
Rank
32nd
Reports
605
Points
9220
Total Projects
168
Badges:
HackerOne Statistics
Muhammad Khizer Javed
Reputation
4162
Reports
155
Thanks
125
Signal
4.08
Badges:
Discover My Projects
I've engaged in extensive Bug Bounty Hunting and Penetration Testing, identifying critical vulnerabilities. Here are some of my notable findings. For more insightful blogs, Visit blog.securitybreached.org
Bug Bounty Blueprint: A Beginner’s Guide
In today's digital landscape, cybersecurity is more critical than ever, and bug bounty hunting has emerged as an exciting opportunity for security enthusiasts and professionals alike. In this comprehensive guide, we delve into the essentials of bug bounty hunting, providing you with the foundational knowledge and practical tips to embark on your journey.
AI Hijack: How I Took Control of an AI Assistant
During a penetration test, I uncovered an exposed OpenAI API in JS file key that allowed unauthorized control of an AI assistant in a live production environment. I demonstrated how attackers could manipulate the assistant's instructions, raising awareness of AI-related vulnerabilities. This discovery emphasized the critical need for stronger API security when integrating AI technologies into business operations.
Hacking 100k+ Loyalty Programs for Fun and Profit!
While performing a security assessment for an eCommerce client, I uncovered a vulnerability that could have allowed malicious actors to manipulate loyalty points and redeem them for free products, cash, or massive discounts. By exploiting the 3rd party rewards system, it was possible to inflate points across 100k+ loyalty programs across the internet. I reported the vulnerability to the client and the 3rd party helped them patch the issue before any exploitation occurred.
Finding Hidden Threats: How I Found Leaked AWS Credentials in an Android App API Using DAST
During a bug bounty project, I discovered leaked AWS credentials embedded in the API of an Android application for an online casino. This vulnerability had the potential to grant full access to their AWS infrastructure, putting sensitive data and operations at risk. After reporting the issue, I worked closely with the company to remediate the vulnerability and improve their security posture.
Hall of Fame
Some Companies I've reported vulnerabilities to and received acknowledgments from
Total programs: 371
Get in Touch
Want to chat? Just shoot me a dm with a direct question on LinkedIn and I'll respond whenever I can.