Md Shariar Shanaz Shuvon, a 17-year-old self-taught ethical hacker from Bangladesh, has made headlines by discovering a critical security flaw in NASA’s cybersecurity infrastructure. The U.S. space agency officially acknowledged his findings with a letter of appreciation, recognizing his contribution to strengthening their system.
Born and raised in Jhenaigati, Sherpur, Shuvon completed his SSC from Jhinaigati Government Model Pilot High School. He is currently pursuing a diploma in Information Technology at the University of Cyberjaya in Malaysia. Alongside his studies, Shuvon works as an Information Security Analyst at ERTH (Blue Bee Technologies Sdn. Bhd.), a technology solutions provider specializing in cybersecurity.
Shuvon’s journey into the world of cybersecurity began early, in Class 7, when he first started learning programming through free online resources such as YouTube tutorials and PDFs. By Class 8, he was deeply engaged in cybersecurity, participating in bug hunting and hackathons. “I worked in different tech sectors, like SEO, graphic design and video editing, but cybersecurity is my true passion,” he shared.
On June 11, 2024, Shuvon uncovered a privacy-related bug in NASA’s system. He explained that after studying recent vulnerabilities discovered by others, he combined multiple techniques—namely, Insecure Direct Object Reference (IDOR) and Server-Side Request Forgery (SSRF) to identify a significant flaw. This bug granted access to Earth data containing personal information, which could have been exploited for phishing or data sales. He promptly reported the issue to NASA, which fixed the vulnerability.
Shuvon followed NASA’s Vulnerability Disclosure Policy (VDP), a program that legally allows security researchers to report system weaknesses. In February 2025, NASA recognized his ethical approach and valuable findings by issuing an official appreciation letter, naming him an independent security researcher.
Read More: Bangladesh’s Foreign Exchange Reserve Hits 25.44 Billion USD
His success at NASA is only part of his growing portfolio. Shuvon has also discovered vulnerabilities in major companies such as Sony and Meta. At Sony, he found an IDOR bug that allowed unauthorized data access, while at Meta, he identified a privacy flaw exposing hidden profile reactions. He specializes in these types of bugs, focusing on information disclosure and access control weaknesses.
Shuvon’s expertise is reflected in his ranking as the top global user on TryHackMe, a leading platform for cybersecurity training and penetration testing challenges, with over two million users worldwide. He uses tools like Burp Suite, Nuclei, and Google Dorks, but emphasizes that logical thinking and a hacker’s mindset are key to success.
Despite international recognition and opportunities, Shuvon remains committed to improving Bangladesh’s cybersecurity landscape. He points out that many organizations in Bangladesh do not take digital threats seriously and lack proper bug reporting systems. “Companies need to recruit qualified personnel to handle bug reports and raise awareness about the damage bugs can cause,” he said.
Looking ahead, Shuvon aspires to help build effective bug reporting systems and spread cybersecurity awareness across Bangladesh. He dreams of creating tools or companies that can make a lasting impact in the field. “Bug hunting is just the beginning,” he says.
Md Shariar Shanaz Shuvon’s story is a powerful reminder that talent and determination can come from anywhere even a small town in Sherpur and make a difference on a global scale. His ethical approach and dedication offer hope and inspiration to young tech enthusiasts in Bangladesh and beyond.
