---

---

Lütfü Mert Ceylan is a 19-years-old security researcher, especially specializes in the Web Application area of Cybersecurity. He is an OWASP Project Leader and leader of the OWASP Top 25 Parameters project. He is also the OWASP Poland Chapter Board Member and the founder of the disbanded TR Bug Hunters that lasted until 2023, Turkey's active security researcher & bug hunter community. Last year, he was also a speaker at the OWASP Washington D.C Global AppSec 2023 conference, where he discussed this project. Additionally, this year, he had the opportunity to speak on the same topic at Hacktrick 2024, Turkey's largest cybersecurity conference, held in his home country.

He is specifically focused about Server-Side and Client-Side attacks. He is actively involved in the bug bounty area and he has helped detect and exploit over 500 security vulnerabilities across 75+ web applications for companies such as Apple, Oracle, Adobe, NASA, Mozilla, United Nations, European Union and 30+ more prestigious companies and organizations, then included their Hall of Fame. Also in the area of cybersecurity, he actively writes articles and writes complex code snippets with Javascript, such as creating XSS payloads with cuneiform. He has a news article in the Portswigger about the CVE record CVE-2020-8512 of a vulnerability he discovered when he was 16, which affected 20% of the target systems. He studies in the Cybersecurity, Computer Science (Informatics), B.Sc program at the University of Economics and Human Sciences in Warsaw and, therefore, he lives in Warsaw, Poland but in his homeland during the remaining period of his education he lives in Bursa, Turkey.