Female valedictorian discovers security vulnerabilities of US tech giant Oracle

11:12, 03/12/2021

Before becoming valedictorian at the Academy of Cryptography Techniques, Le My Quynh had been honored by a US tech group for her discovery of important security flaws.

 

Le My Quynh

Most recently, Quynh discovered five new vulnerabilities, all of which were considered serious or extremely serious. These research results were included in her graduation thesis ‘Research on Deserialization vulnerabilities in Java language’, which received an A+ score.

Completing a 5-year university program with a grade point average of 3.5/4.0 in mid-November, Quynh became one of the best students in her program.

Quynh decided to study at the Academy of Cryptography Techniques. Her father is a former student of the school, while Quynh, in her childhood, understood that she was suited to engineering rather than social sciences.

Because of her academic achievements in her first year at the school, Quynh obtained a full scholarship to study in Russia. However, she decided to refuse the opportunity and stay in Vietnam, because she did not want to spend two more years learning Russian and taking exams.

Quynh said she has never regretted the decision.

In her second year at university, she began registering for information security competitions. CTF (capture the flag) was one of them.

The second-year student tested her strength against seniors, and many times discovered zero-days, i.e. vulnerabilities that are either unknown to those who should be interested in mitigating them or for which a patch has not yet been developed.

She also attended VNPT Security Marathon and obtained an internship at VNPT (Vietnam Posts and Telecommunications Group) when she finished her second year at school. She appreciated the opportunity of working there, because it allowed her to learn from practice and co-workers.

“I found that detecting security holes is the fastest way to approach knowledge in information security. This helped me with my studies at school,” she recalled.

In late 2019, Quynh discovered her first extremely serious flaw. In 2020, she found four vulnerabilities. All of them were in WebLogic, the server from Oracle, the US technology group whose products are used by many companies around the world.

If the flaws had not been discovered and patches had not been applied, black-hat hackers might have found the vulnerabilities and penetrated the system, causing serious consequences.

Quynh has found nine bugs so far, including six extremely dangerous ones.

She said that in order to find vulnerabilities, one needs to spend many months and hours studying products.

(Source: VNN)