Karim Rahal

About

Contributions & Publications

  • The Story of the Million Dollar Bounty
  • “CI Knew There Would Be Bugs Here” — Exploring Continuous Integration Services as a Bug Bounty Hunter
  • Employee’s GitHub Token Found In Travis CI Build Logs
  • Karim Rahal: Security Features of Firefox
  • Stored XSS-ing Millions Of Sites Through HTML Comment Box
  • Guest blog: Karim Rahal on a Spotify playlist hack

Press

  • CI build logs continue to expose company secrets (ZDNet)
  • How a popular website plugin became a serious security liability (TheNextWeb)
  • Comments Widget Exposed Many Websites to Attacks (SecurityWeek)
  • Kid hackers break XSS defences, find hack hole in 2 million websites (The Register)