Evan Ricafort

Poblacion, Ipil
Zamboanga Sibugay
7001, Philippines
Work Email: [email protected]
CV: Click Here!


I'm Evan Ricafort, A web application security researcher/bug hunter from the Philippines interested in web application security testing. I was born in the Province of Ipil, Zamboanga Sibugay, Philippines. Studied Computer Networking at Ateneo De Zamboanga University. Currently working as a Security Researcher at Invalid Web Security, A startup cybersecurity firm based in the Philippines. Since early of 2013 I've been an active member of the bug bounty community reporting multiple different kinds of security vulnerabilities on popular websites such as Microsoft, Google, Twitter and etc. Aside from bug bounty, I also work as a Penetration Tester doing Vulnerability Assessment and Penetration Testing (VAPT) for our clients with my team at Invalid Web Security and AegisOne Cyberdefense Corporation. I spend my off-hours playing video games, riding bike and other outdoor activities. Currently looking for infosec job. If you want to hire me or invite me on your bug bounty program, just hit me up through my email or dm me on twitter I'mma try my best to give you quality research.


Technical Skills

Work Experience

Badge & Certificate

News & Press



• 123 Contact Form — http://www.123contactform.com/security-acknowledgements.htm
• 4chan — https://hackerone.com/4chan/thanks
• ActiveCampaign — http://www.activecampaign.com/security/
• Adobe — http://helpx.adobe.com/security/acknowledgements.html (2014)
• Advance Custom Fields (WP Plugin) — https://www.advancedcustomfields.com/contact/
• Aha IO — http://aha.io/legal/security
• Aimlab — https://aimlab.gg/bug-bounty
• Airbnb — https://www.airbnb.com/help/policies/responsible_disclosure#responsible_disclosure_policy
• AndroidFreeApps — http://www.androidfreeapp.net/security-researcher-acknowledgments/ (May 2014)
• Appcelerator — https://www.appcelerator.com/privacy/responsible-disclosure-of-security-vulnerabilities/
• Apple — http://support.apple.com/kb/HT1318 (2014)
• Apptentive — https://www.apptentive.com/contact/
• Appointlet — https://www.appointlet.com/
• Artsy — https://artsy.net/security
• AT&T — https://hackerone.com/att/thanks
• Atlassian — https://bugcrowd.com/atlassian/hall-of-fame
• Attack Secure — http://attack-secure.com/whitehat/
• Audiomack — http://www.audiomack.com/about
• Automattic — https://hackerone.com/automattic/thanks
• AVG Technologies — https://support.avg.com/support_contact_form?l=en_US
• AwardWallet — https://app.cobalt.io/awardwallet/awardwallet/hall-of-fame/all
Read More

Write Ups

To read some of my write ups, just click here!

Free counters!