GCU Ethical Hacking student identifies major website flaws for massive software company

(Pictured above) 2nd year Digital Security, Forensics and Ethical Hacking student Flaviu Popescu
(Pictured above) 2nd year Digital Security, Forensics and Ethical Hacking student Flaviu Popescu

A GCU Ethical Hacking student has impressed a large software company for using their skills to fix some significant errors found on their website.

2nd year Digital Security, Forensics and Ethical Hacking student Flaviu Popescu decided to get in contact with American multinational software company Red Hat when he spotted some major flaws on their website, whilst using it to enrol to their online academy.

Flaviu’s input was very helpful for the company. He said: “While enrolling onto the Red Hat Academy (a requirement for one of my modules) and receiving a couple emails from them, I notice something did not seem quite right.

After making sure that I could legally look further and confirm my suspicion, it was not long until I found two vulnerabilities in their website and contacted Red Hat to inform them. I collaborated with Red Hat by providing them with a written report and video PoC (proof of concept) and answering their questions in regards to these bugs.

After they fixed the issues, I was granted disclosure by Red Hat and wrote a blog article about it.”

Flaviu, who also works as the Head of IT for GCU’s Radio Caley, was delighted to have successfully identified issues within such a large software company. He said: “I feel fantastic! Finding as many opportunities as possible like this is one of my goals.

It gives me a great sense of accomplishment when you make a difference and help companies secure their systems before the bad guys get a chance to exploit them.”

Flaviu believes that opportunities like this have proven to be especially important in testing your skills in the real world. He said: “When you finish your studies and seek employment or start your own company, you need the experience and credible proof of your abilities.

My advice to students is to look for experiences like this because ultimately it’s going to give them real world practice. You have to find the right opportunities that work for yourself and use them to your advantage.

Don’t just stay within your degree curriculum, get involved in extra activities, this will also get you connected with the right people."

He added: "If you want to test your skills in the real world; look for opportunities in the real world. It is fun and it is ethical! Of course, you must always check the website you are testing allows you to do so. There is no shortcut - you must work hard and learn to find vulnerabilities in web apps, binary apps, etc.

If you want to be a hacker, put in the practical work!”

Read Flaviu’s online blog on his website

By Rachael McAlonan

Got a SCEBE or GSBS story? Email me at Rachael.McAlonan@gcu.ac.uk or connect with me on social media