About

Contributions & Publications

• The Story of the Million Dollar Bounty
• “CI Knew There Would Be Bugs Here” — Exploring Continuous Integration Services as a Bug Bounty Hunter
• Employee’s GitHub Token Found In Travis CI Build Logs
• Karim Rahal: Security Features of Firefox
• Stored XSS-ing Millions Of Sites Through HTML Comment Box
• Guest blog: Karim Rahal on a Spotify playlist hack

Press

• CI build logs continue to expose company secrets (ZDNet)
• How a popular website plugin became a serious security liability (TheNextWeb)
• Comments Widget Exposed Many Websites to Attacks (SecurityWeek)
• Kid hackers break XSS defences, find hack hole in 2 million websites (The Register)