Ask a hacker: A conversation with ahacker1

GitLab invited bug bounty hunter Alexander Siyou Tan, also known as ahacker1, for an AMA session. Alexander is passionate about hacking complex SaaS applications, especially authorization-based vulnerabilities. He started his hacking journey during the Covid-19 pandemic, transitioning from gaming to exploring game hacks and easter eggs. He uses RubyMine as his IDE and focuses on code analysis, reviewing repositories on GitLab. Alexander has explored using AI to assist in finding vulnerabilities and is currently focusing on SAML and SSO research. He offered tips for the GitLab Bug Bounty Program, including leveraging GitLab's open source nature for code analysis and studying patch releases for reverse-engineering techniques. Outside of hacking, Alexander enjoys playing games, going on walks, and exploring nature. He believes cereal is a type of soup and doesn't think he would survive long in a zombie apocalypse without the internet. The GitLab Bug Bounty Program aims to enhance the security of their products and services, resolving 1,684 reports and awarding over $4.7 million in bounties since its public launch in December 2018.