Doyensec
@doyensec.bsky.social
Doyensec works at the intersection of software development and offensive engineering. We discover vulnerabilities others cannot, and help mitigate the risk.
If you missed our Szymon Drosdzol's presentation on "API Authorization Antipatterns" at CONFidence (@confidenceconf), or just want to see it again, it's your lucky day! The video is now available here: www.youtube.com/watch?v=Jje2.... Hope you enjoy it!

#appsec #doyensec #security
CONFidence 2025: Szymon Drosdzol - API Authorization Antipatterns
YouTube video by PROIDEA Events
February 5, 2026 at 8:16 PM
Humans vs. AI? We put them to the test in our new post! We went head-to-head with AI tools to see who would win. Check it out today to see the results!

blog.doyensec.com/2026/02/03/o...

#appsec #doyensec #outline #ai
Auditing Outline. Firsthand lessons from comparing manual testing and AI security platforms · Doyensec's Blog
February 3, 2026 at 5:37 PM
Set your #xss hunting 🎯 on easy mode! In the latest edition of our Eval Villain video series, Dennis Goodlett demonstrates the time-saving power of the "needles" feature.

youtu.be/LI9QOuQDduE

#appsec #doyensec #bugbountytips #security
January 29, 2026 at 4:27 PM
🥳Doyensec is proud to announce our sponsorship of the UC Davis Cyber Security Club!💻🔐

We're committed to supporting the next generation of #cybersecurity talent 📚🧗

daviscybersec.org/sponsors/

#appsec #doyensec #infosec #ucdavis
January 27, 2026 at 5:48 PM
In our latest blog post, Szymon Drosdzol provides an in-depth walkthrough of using the #frida toolkit to demonstrate the right way to intercept OkHttp traffic. This is essential knowledge for #android security research!

Check it out: blog.doyensec.com/2026/01/22/f...

#appsec #doyensec #security
January 23, 2026 at 2:09 AM
🎉 We'd like to welcome our newest intern (and second Luca), Luca Molteni! We're confident he'll be the next amazing engineer to emerge from our proven internship program. 🚀

#appsec #doyensec #security #internship
January 19, 2026 at 4:30 PM
📢Just published - the third video in our series on Eval Villain. Our Dennis Goodlett walks through using it to find 🔎 a DOM XSS to demonstrate its functionality. Check it out today!
youtu.be/Hp7TexA6vFg

#appsec #doyensec #security #evalvillain #xss
January 15, 2026 at 4:49 PM
In the second post on Eval Villain, @bemodtwz walks through the quick & easy setup and its configuration. Check it out & start finding those client-side vulnerabilities today!

youtu.be/-hIA5uLNFck

Download: github.com/swoops/eval_...

#appsec #doyensec #security
January 8, 2026 at 7:49 PM
Happy New Year from the #Doyensec team!
December 30, 2025 at 9:23 PM
🥂🤖 A toast to 9 years of #Doyensec!

Nine years of pushing application security forward, breaking things so others don’t, & helping teams build with security from day one. 🍸

Cheers to the bugs we’ve found, the apps we’ve strengthened, & the many secure years still to come. 🎉
December 19, 2025 at 3:01 PM
Happy Holidays everyone!☃️ We’re taking a break next week for our annual shutdown to celebrate another successful year and give our team time to recharge. 🙌
#doyensec #appsec #security
December 15, 2025 at 3:56 PM
We’re excited to share the first video in our Eval Villain series from our Dennis Goodlett.

This powerful security tool is designed to uncover client-side vulnerabilities and help defenders spot risky patterns.

youtu.be/2dUoOyYKkzU

#doyensec #appsec #security #evalvillain #xss
Introducing Eval Villain
YouTube video by Doyensec
December 9, 2025 at 11:54 PM
🚀 inQL v6.0.1 is out!
Our GraphQL security tool got big upgrades.⚡
• Schema Brute-Forcer
• Server Engine Fingerprinting
• Automatic Variable Generation
• Performance boosts & other improvements

Details: blog.doyensec.com/2025/12/02/i...

#doyensec #graphql #appsec #security
December 2, 2025 at 6:36 PM
We’re proud that #Doyensec was selected to help secure the IETF — and to share the first batch of vulnerabilities we uncovered. Read more in the newly published advisories 👇

github.com/ietf-tools/x...
github.com/ietf-tools/x...

#appsec #security
November 13, 2025 at 7:34 PM
We’re super excited to welcome Yassine Bengana to the Doyensec team! 🎉

He’s bringing serious AppSec skills and great vibes — can’t wait to see the cool stuff we’ll break (and build) together 🔥

#AppSec #infosec #Doyensec
November 5, 2025 at 7:00 PM
The #Doyensec team is back from another great retreat! This time we toured Ireland 🇮🇪 and even met a working 🐑 sheep dog! What a great chance for our remote team to connect IRL! Also, a big thank you 🙏 to our tour guide Antonio!
#security #appsec #remote
October 30, 2025 at 6:43 PM
Going to be near Dublin this Wednesday (10/22)? Come join #Doyensec for an evening of drinks (🍻/☕), networking, and great conversations about all things #appsec & #cybersecurity.

RSVP here: docs.google.com/forms/d/1fa4...

#Infosec #Pwn2Own #BSidesDublin #OWASPIreland #security
October 20, 2025 at 2:53 PM
🚨 Just released - details on a serious vulnerability from our Leonardo Giovannini's research! An Information Disclosure allowing a remote attacker to identify security tokens/credentials when #squid is used for load balancing.🚨

#doyensec #appsec #security #vulnerability

github.com/squid-cache/...
SQUID-2025:2 Information Disclosure in Error handling
Due to a failure to redact HTTP Authentication credentials Squid is vulnerable to an Information Disclosure attack.
October 17, 2025 at 5:23 PM
Live in or passing through #Dublin en route to #pwn2own? If you're in #appsec join #doyensec to talk #security over drinks (🍺 or ☕️) Oct. 22nd! Want to talk about our job openings or upcoming projects, that's great too!

RSVP here: docs.google.com/forms/d/1fa4...

cc: @bsidesdublin.bsky.social
October 14, 2025 at 3:33 PM
In our final ksmbd research post @73696e65.bsky.social provides a detailed walkthrough for exploiting a local privilege escalation vulnerability. If you're interested in learning more about exploitation on modern systems - check it out!

blog.doyensec.com/2025/10/08/k...

#doyensec #appsec #security
October 8, 2025 at 4:26 PM
🧞Your wish has been granted - the latest @pagedout.bsky.social edition is out! In it, our Szymon Drosdzol takes a quick look at #vibecoding, walking through the creation of an AI agent 🤖. Check it out today!

#doyensec #appsec #ai #Security

pagedout.institute
Paged Out!
Deeply technical zine. And it's free.
October 6, 2025 at 2:59 PM
📢 Our latest blog post shows why VBScript’s Randomize + Rnd are terrible for cryptographic token generation. See how attackers can easily recover seeds and secrets.
🔗 blog.doyensec.com/2025/09/25/y...

#doyensec #appsec #security #crypto
September 25, 2025 at 4:40 PM
🚨Security Advisory🚨

Systemic SQL Injection vulnerability in pREST!

Initial report details published: github.com/prest/prest/...

#Doyensec #AppSec #Security #PostgreSQL #SQLInjection
Systemic SQL Injection
# Summary pREST provides a simple way for users to expose access their database via a REST-full API. The project is implemented using the Go programming language and is designed to expose access t...
September 19, 2025 at 2:52 PM
We'd like to welcome our newest addition Marcelino "Marce" Siles Rubia! Another success story from our #internship program! The future of #appsec is looking bright 😎 at #doyensec !
September 4, 2025 at 6:53 PM
📢 It's here! Part 2 of Norbert Szetei's (@73696e65.bsky.social) research into ksmbd. See how customized fuzzing & the appropriate sanitizers led to discovering 23 Linux kernel CVEs, including use-after-frees & out-of-bounds reads/writes.

blog.doyensec.com/2025/09/02/k...
#doyensec #appsec #security
September 2, 2025 at 7:59 PM