Ask me anything!

Who am I?

I am Pham Viet An - a software engineer who blends into the world of application security, with a focus on web security, at LY Corporation. My daily responsibilities involve:

- Identifying vulnerabilities in web and mobile applications, where I have discovered issues including IDOR, XSS, SSRF, RCE, SQLi, NoSQLi, and path traversal.
- Developing automated scripts for thousands of services running on LINE's cloud infrastructure to detect and mitigate security risks, such as Log4j vulnerabilities and legacy or insecure libraries like libwebp-related libs.
- Managing LINE Corporation's bug bounty program.
- Organizing LINE Capture the Flag (CTF) challenges annually.
- Conducting security training sessions for our developers.

Education

2016-2020
Ho Chi Minh City University of Science
- Bachelor of Computer Science. GPA 3.79/4.0.
- Participated in ACM ICPC World Final 2020.
- Conducted 2 Searchable Symmetric Encryption research papers and was marked as best paper in Informatica Journal 2020.

2013-2016
VNU-HCM High School for the Gifted
- High school diploma
- 2nd prize in Vietnam Olympiad Informatics 2016
- 2nd prize in Vietnam Olympiad Informatics 2015

Experience

I have around 5 years of experience in software development and 3 years in application security. This background enables me to understand multiple perspectives, allowing me to provide clear explanations and propose the most effective approaches to solving complex problems.

Bug bounties

HackerOne

HackerOne is one of the most renowned security bug bounty platforms in the world:
- Found some critical issues on Miro
- Found some CVEs on fastify

Safevuln

Safevuln is a security bug bounty platform in Vietnam. Personally, I got some issues with how they handle security reports, so I stopped using them.
- Found account takeover via OAuth
- Found cross-app account takeover via XSS via postMessage

CVEs

I help secure the world by reporting my findings whenever I find any vulnerabilities in open-source packages.