GetWhiteHats · Jan 7 · 2 min read


Feature Friday: Philippe Harewood
Meet Philippe Harewood, a white hat hacker from Trinidad and Tobago and one of the top white hat hackers in the Facebook Bug Bounty Program.
Follow him on Twitter: @phwd and check out his blog: http://philippeharewood.com/
1. How did you start penetration testing?
Initially, I heavily participated in Stack Overflow, specifically questions dealing with Facebook API. After that, I read blog posts by Nir Goldshlager, Neal Poole, and Egor Homakov, which gave me a feel for how API/OAuth bugs work. Later on, I followed up on posts by Stephen Sclafani, Jack Whitton, and Josip Franjković to see other bugs. By that point, I was hooked.
2. What motivates you to participate in Bug Bounty Programs?
The thrill of the bounty itself, not the money directly, but how the security team values the bug. I don’t like the Hall of Fame; the only reason I check Facebook’s Whitehat list is to see who has a new bug.
3. What was the biggest/coolest security vulnerability you’ve found in your bug bounty journey?
It will probably have to be “Abusing Facebook Graph Search using GraphQL” (http://philippeharewood.com/abusing-facebook-graph-search/), since I invested a great deal of time digging up GraphQL, probably over a year and a half before I reached that bug.
4. What is your favorite hacking tool for searching security vulnerabilities?
Google Dorking.
5. Do you have any advice for other white hat hackers considering getting into bug bounty programs?
Read and learn to write well. Maintain good relations with the security team of the bounty program; it will help you in the long run.