17-year-old Bangladeshi receives NASA recognition for ethical hacking

Doha, Qatar: “I don’t learn to hack, I hack to learn.” That’s how 17-year-old Md Shariar Shanaz Shuvon explains his passion for cybersecurity. “I don’t wait for the perfect time or course to start learning. I break things, explore systems, and that’s how I really learn,” Shuvon told The Peninsula in an online interview.

A self-taught ethical hacker from Bangladesh, Shuvon recently made headlines after receiving an official letter of appreciation from the National Aeronautics and Space Administration (NASA). His achievement? Discovering a serious security flaw in NASA’s system and doing the right thing by reporting it responsibly.

On June 11, 2024, Shuvon uncovered a serious privacy-related vulnerability in NASA's systems by combining two hacking techniques—Insecure Direct Object Reference (IDOR) and Server-Side Request Forgery (SSRF). “By chaining these together, I accessed sensitive Earth data that contained personal information. If misused, this could have led to phishing attacks or data leaks.” 

Instead of exploiting the vulnerability, Shuvon reported it through NASA’s official Vulnerability Disclosure Policy, and in February 2025, NASA responded with a formal letter recognising his ethical approach and technical skill.

“Honestly, I was surprised. I never expected NASA to notice someone like me. It was just me doing what I love—finding bugs," he shared with The Peninsula. "That moment reminded me that even from a small place, you can make a global impact."

Shuvon’s path into cybersecurity began in his early teens, fuelled by YouTube tutorials, free online courses, and hours of self-study. Now based in Malaysia, he is pursuing a Diploma in Information Technology at the University of Cyberjaya. "Malaysia feels like a hub that’s growing fast in tech and cybersecurity. It’s also close to home, and the community here is very supportive. I wanted to build something real in a place that’s full of opportunity," he said.

Ethical hacking, often misunderstood, is a legal and responsible way to uncover security flaws in computer systems before malicious hackers can exploit them. "Ethical hacking is using hacker skills to help companies stay secure. I’ve been doing this since my early teenage years. I find the vulnerabilities before the bad guys do," he told The Peninsula.

“Right now, I’m working on building a cybersecurity company in Malaysia. I’m helping businesses stay safe, mentoring young hackers, and continuing to hunt for bugs." Image: Md Shariar Shanaz Shuvon on Instagram

Shuvon’s accomplishments didn’t stop with NASA. He also found security flaws in major tech companies like Sony and Meta.  At Sony, he discovered a bug that allowed access to private data, while at Meta, he uncovered a privacy issue that made hidden reactions visible through code tricks. These findings earned him admiration from the global cybersecurity community.

He also achieved the top global rank on TryHackMe, a cybersecurity training platform with over 2 million users. “I mainly focus on two types of bugs: IDOR and information disclosure. These are my specialities,” he said, adding that tools like Burp Suite, Nuclei, and platforms like HackerOne and Bugcrowd are part of his regular toolkit.

Despite his global recognition, Shuvon hasn’t forgotten his roots. He hopes to improve cybersecurity awareness in Bangladesh, a country he feels is still unprepared for digital threats. “Most organisations in Bangladesh don’t take security seriously. There’s no proper bug reporting system. I want to help change that,” he said.

When asked what message he has for Bangladeshi youth in Qatar, Shuvon said: “Don’t wait for permission to chase your passion. Learn skills that no one can take from you. You can change your life with just a laptop and mindset.”

So what’s keeping him busy now, and what’s next? “Right now, I’m working on building a cybersecurity company in Malaysia. I’m helping businesses stay safe, mentoring young hackers, and continuing to hunt for bugs. What’s next? Going global!”