
THREAT SEEKERS


Abstract

Rafay Baloch is the founder and CEO of RHA InfoSec. Baloch has responsibly disclosed hundreds of vulnerabilities in his roughly six-year career in security research - earning as much as $10,000 from companies such as PayPal in the process. His biggest discovery may be CVE-2014-6041, a bug that could allow a bad actor to circumvent the Android Open Source Platform (AOSP) browser's Same-Origin Policy (SOP). It was a significant issue - it was covered by major news outlets and was deemed a privacy disaster by security experts - and at the time impacted the approximately 75 percent of Android users running platforms older than version 4.4. Baloch initially disclosed the vulnerability on his blog on Sept. 1, providing a proof-of-concept exploit. Baloch's primary areas of expertise include network security and web application penetration testing. He specializes in finding vulnerabilities in web applications, frameworks and browsers, as well as bypassing web application firewalls, HTML 5 attack vectors and breaking filters of modern web browsers. Baloch is very active in bug bounty programs, having submitted to and been recognized by companies such as Google, Facebook, Microsoft, Twitter and Dropbox. He holds numerous certifications.

Bibliographic record

  • Source
    SC magazine | 2015, Issue 12 | pp. 24-26 | 3 pages total
  • Original format: PDF
  • Text language: eng