
Posts by Doyensec

"Doyensec Research" as an overlay of hands typing at keyboard with sparks flying from the monitor in front of it.


In our Adrian Denkiewicz's latest post, see how combining AFL++ with GPT-5 Codex sped up triaging the results from fuzzing NASA’s CFITSIO library and uncovered numerous vulnerabilities.

blog.doyensec.com/2026/04/20/c...

#doyensec #appsec #security #fuzzing

1 day ago 1 1 0 0

Please join us in welcoming **Matei Buzdea** as the newest intern at Doyensec! 🎉 They’re the latest in a long line of talented interns who’ve helped strengthen our team and we’re excited to see what they’ll accomplish. Welcome aboard, Matei! 🔐
#doyensec #appsec #security #internship

2 weeks ago 0 0 0 0
The Doyensec logo with the DefCon Singapore logo overlaid on top of it.


🚨 Breaking Secure-Looking Cloud Architectures

At #defcon Singapore Demo Labs, we'll show real cloud security bugs involving AWS Cognito multi-SSO user pools & ELB routing paths.

Including:
• Malicious OIDC Server
• ELBaph (AWS ELB testing utility)

🔗 defcon.org/html/defcon-...

#appsec #doyensec

3 weeks ago 0 0 0 0
DEVWorld 2026 DEVWorld is The Developer Conference for Tech Team! A 2-day Festival of Tech, connecting amazing tech leaders, developers and companies all under one roof.

📢 #Doyensec is sponsoring DEV World! We'll be at our booth discussing security research & how to "Build with Security" directly with the #dev community.

Stop by - we'd love to chat!

🗓 May 7–8 | 📍 Amsterdam, Netherlands 🇳🇱

devworldconference.com

#DevWorld #AppSec

3 weeks ago 0 0 0 0

Did you know you can use #InQL to recreate #GraphQL schema even when the introspection query is disabled? Our Schema Bruteforcer ensures "hidden" doesn't actually mean "off-limits".

Find out more at:
blog.doyensec.com/2025/12/02/i...
github.com/doyensec/inql

#doyensec #appsec #security

1 month ago 0 0 0 0

AuthN/Z is always a #security minefield & MCP adds even more complexity with agents, remote servers, and transitive trust.

This Teleport-sponsored deep dive breaks down attack vectors & why each authN/Z step is a potential trust boundary.

🔗 blog.doyensec.com/2026/03/05/m...

#doyensec #appsec #ai

1 month ago 0 1 0 0
Spacestation on a planet as the cover of Paged Out


Check out the latest edition of @pagedout.bsky.social featuring Doyensec's own Bartłomiej (Bartek) Górkiewicz vibing on Reversing Python Bytecode, along with plenty of great articles!

pagedout.institute/download/Pag...
#appsec #doyensec #security #reversing #pagedout

1 month ago 2 0 0 0

Testing APIs? Stop guessing what's running under the hood. Use InQL's Engine Fingerprinter in Burp to identify the #GraphQL stack in seconds and save yourself the trial and error.

blog.doyensec.com/2025/12/02/i...
github.com/doyensec/inql

#doyensec #appsec #inql #security #bugbountytips

2 months ago 1 0 0 0
Hands typing on keyboard with sparks coming out of the monitor


Introducing SafeUpdater by Michael Pastor - A security-first update framework for Electron apps, built around explicit threat models, integrity and authenticity guarantees, and real attack mitigations. Check it out today!

blog.doyensec.com/2026/02/16/e...

#AppSec #Electron #doyensec #security

2 months ago 0 0 0 0
CONFidence 2025: Szymon Drosdzol - API Authorization Antipatterns YouTube video by PROIDEA Events

If you missed our Szymon Drosdzol's presentation on "API Authorization Antipatterns" at CONFidence (@confidenceconf), or just want to see it again, it's your lucky day! The video is now available here: www.youtube.com/watch?v=Jje2.... Hope you enjoy it!

#appsec #doyensec #security

2 months ago 1 0 0 0
Auditing Outline. Firsthand lessons from comparing manual testing and AI security platforms · Doyensec's Blog

Humans vs. AI? We put them to the test in our new post! We went head-to-head with AI tools to see who would win. Check it out today to see the results!

blog.doyensec.com/2026/02/03/o...

#appsec #doyensec #outline #ai

2 months ago 0 0 0 0

Set your #xss hunting 🎯 on easy mode! In the latest edition of our Eval Villain video series, Dennis Goodlett demonstrates the time-saving power of the "needles" feature.

youtu.be/LI9QOuQDduE

#appsec #doyensec #bugbountytips #security

2 months ago 0 0 0 0
Sponsors

🥳Doyensec is proud to announce our sponsorship of the UC Davis Cyber Security Club!💻🔐

We're committed to supporting the next generation of #cybersecurity talent 📚🧗

daviscybersec.org/sponsors/

#appsec #doyensec #infosec #ucdavis

2 months ago 0 0 0 0

In our latest blog post, Szymon Drosdzol provides an in-depth walkthrough of using the #frida toolkit to demonstrate the right way to intercept OkHTTP traffic. This is essential knowledge for #android security research!

Check it out: blog.doyensec.com/2026/01/22/f...

#appsec #doyensec #security

2 months ago 0 0 0 0

🎉 We'd like to welcome our newest intern (and second Luca), Luca Molteni! We're confident he'll be the next amazing engineer to emerge from our proven internship program. 🚀

#appsec #doyensec #security #internship

3 months ago 0 0 0 0

📢Just published - the third video in our series on Eval Villain. Our Dennis Goodlett walks through using it to find 🔎 a DOM XSS to demonstrate its functionality. Check it out today!
youtu.be/Hp7TexA6vFg

#appsec #doyensec #security #evalvillain #xss

3 months ago 0 0 0 1

In the second post on Eval Villain, @bemodtwz walks through the quick & easy setup and its configuration. Check it out & start finding those client-side vulnerabilities today!

youtu.be/-hIA5uLNFck

Download: github.com/swoops/eval_...

#appsec #doyensec #security

3 months ago 0 0 0 1

Happy New Year from the #Doyensec team!

3 months ago 0 0 0 0

🥂🤖 A toast to 9 years of #Doyensec!

Nine years of pushing application security forward, breaking things so others don’t, & helping teams build with security from day one. 🍸

Cheers to the bugs we’ve found, the apps we’ve strengthened, & the many secure years still to come. 🎉

4 months ago 0 1 0 0

Happy Holidays everyone!☃️ We’re taking a break next week for our annual shutdown to celebrate another successful year and give our team time to recharge. 🙌
#doyensec #appsec #security

4 months ago 0 0 0 0
Introducing Eval Villain YouTube video by Doyensec

We’re excited to share the first video in our Eval Villain series from our Dennis Goodlett.

This powerful security tool is designed to uncover client-side vulnerabilities and help defenders spot risky patterns.

youtu.be/2dUoOyYKkzU

#doyensec #appsec #security #evalvillain #xss

4 months ago 0 0 0 1
InQL v6.1.0 Just Landed with New Features & Contribution Swag! 🚀 · Doyensec's Blog

If you're interested in contributing to this awesome #FOSS security project for #graphql, we're rewarding contributions!

You can learn about the latest release here: blog.doyensec.com/2025/12/02/i... and check out the project here: github.com/doyensec/inql

#doyensec #security #opensource

4 months ago 2 0 0 0

🚀 inQL v6.0.1 is out!
Our GraphQL security tool got big upgrades.⚡
• Schema Brute-Forcer
• Server Engine Fingerprinting
• Automatic Variable Generation
• Performance boosts & other improvements

Details: blog.doyensec.com/2025/12/02/i...

#doyensec #graphql #appsec #security

4 months ago 3 0 1 0

We’re proud that #Doyensec was selected to help secure the IETF — and to share the first batch of vulnerabilities we uncovered. Read more in the newly published advisories 👇

github.com/ietf-tools/x...
github.com/ietf-tools/x...

#appsec #security

5 months ago 0 0 0 0

We’re super excited to welcome Yassine Bengana to the Doyensec team! 🎉

He’s bringing serious AppSec skills and great vibes — can’t wait to see the cool stuff we’ll break (and build) together 🔥

#AppSec #infosec #Doyensec

5 months ago 1 0 0 0

The #Doyensec team is back from another great retreat! This time we toured Ireland 🇮🇪 and even met a working 🐑 sheepdog! What a great chance for our remote team to connect IRL! Also, a big thank you 🙏 to our tour guide Antonio!
#security #appsec #remote

5 months ago 0 0 0 0

Going to be near Dublin this Wednesday (10/22)? Come join #Doyensec for an evening of drinks (🍻/☕), networking, and great conversations about all things #appsec & #cybersecurity.

RSVP here: docs.google.com/forms/d/1fa4...

#Infosec #Pwn2Own #BSidesDublin #OWASPIreland #security

6 months ago 1 0 0 0
SQUID-2025:2 Information Disclosure in Error handling. Due to a failure to redact HTTP Authentication credentials Squid is vulnerable to an Information Disclosure attack. ...

🚨 Just released - details on a serious vulnerability from our Leonardo Giovannini's research! An Information Disclosure allowing a remote attacker to identify security tokens/credentials when #squid is used for load balancing.🚨

#doyensec #appsec #security #vulnerability

github.com/squid-cache/...

6 months ago 0 0 0 0

If you want, you can also RSVP via email at dublin@doyensec.com

6 months ago 0 0 0 0
People chatting about appsec over drinks


Live in or passing through #Dublin en route to #pwn2own? If you're in #appsec, join #doyensec to talk #security over drinks (🍺 or ☕️) Oct. 22nd! Want to talk about our job openings or upcoming projects? That's great too!

RSVP here: docs.google.com/forms/d/1fa4...

cc: @bsidesdublin.bsky.social

6 months ago 1 0 1 1