Lê Mỹ Quỳnh has been honoured by the US technology corporation for finding nine holes in its security system. — Photos courtesy of Lê Mỹ Quỳnh

HÀ NỘI — A student in Hà Nội, has been honoured by the US technology corporation Oracle for finding nine holes in its security system.

This year alone, Lê Mỹ Quỳnh, found five vulnerabilities – all rated as serious or extremely serious. The research results have been included in her graduate thesis on deserialisation vulnerabilities in Java language, for which she got the A plus score.

With the GPA of 3.5 out of 4.0 within five years of studying, Quỳnh, 23, has been honoured as the valedictorian of the Academy of Cryptography Techniques in mid-November.

Giving up scholarship

Quỳnh said she decided to pursue technology because she was inspired by her father, who was an alumnus of the Academy of Cryptography Techniques.

“I was exposed to computers quite early when I was just a little girl," she told the online newspaper vietnamnet.vn. 

"I often opened the hardware to see what was inside. When I was older, my dad started to show me how to code. That’s how I’ve got the feeling that I am more suited to engineering.”

Quỳnh said her dream was to get a full scholarship to study technology in Russia. Upon entering the school, she focused on studying.

But when the initial goal was achieved, Quỳnh had second thoughts.

She added: “If I choose to go to Russia, it will take me one or two years to learn the language and complete the entrance exams. Therefore, I decided to stay to get involved in the information security work."

Quỳnh said she had no regrets when decided to give up such a good opportunity.

A year later, Quỳnh started to search for information about competitions related to information security.

Quỳnh challenged herself at Capture the Flag, a popular cybersecurity competition designed to challenge participants to solve computer security problems, and managed to find vulnerabilities, capture and defend the computer systems.  

She also participated in the VNPT Security Marathon and won an internship at VNPT after finishing her second year at university. She was assigned to work at a penetration testing unit, which she found a good opportunity to sharpen her practical experience.

She said: “I found out that finding security holes is the fastest way to access knowledge in the field of information security and safety. This also makes it easier for me to study specialised subjects at school."

Lê Mỹ Quỳnh is honoured as the valedictorian of the Academy of Cryptography Techniques on November 18.

The first security holes

In 2019, Quỳnh and other members were assigned to find vulnerabilities of technology products of the US enterprise, Oracle. She found the first hole after months of research and sent the report for evaluation.

“I screamed with joy when my first hole was recognised. It was an unforgettable feeling. That’s when I realised that passion created results,” she said.

In the next year, Quỳnh managed to find more four vulnerabilities, all appearing on the WebLogic server of Oracle.

"If these vulnerabilities are not quickly detected and patched, it is likely that black hat hackers will penetrate via these holes and cause unpredictable consequences," she said.

By this year, the total number of vulnerabilities has increased to nine, of which six are rated as extremely dangerous. Quỳnh has been honoured many times by Oracle.

Quỳnh has attended security seminars to share her research skills on information security.

She said it took months to research the product as well as discover vulnerabilities. She was quite familiar with working on a computer for more than ten hours a day.

Quỳnh said the issue of gender did not matter in the field of information security and safety.

"I believe that a person only needs perseverance and passion to pursue this field no matter what gender there are.”

Quỳnh said her goal was to become an influential security researcher in the global security field and find more breakthrough vulnerabilities. — VNS