Doyensec

@doyensec.bsky.social

Doyensec works at the intersection of software development and offensive engineering. We discover vulnerabilities others cannot, and help mitigate the risk.

63 Followers  |  4 Following  |  81 Posts  |  Joined: 19.11.2024

Posts by Doyensec (@doyensec.bsky.social)

Spacestation on a planet as the cover of Paged Out

Check out the latest edition of @pagedout.bsky.social featuring Doyensec's own Bartłomiej (Bartek) Górkiewicz vibing on Reversing Python Bytecode, along with plenty of great articles!

pagedout.institute/download/Pag...
#appsec #doyensec #security #reversing #pagedout

24.02.2026 16:55 — 👍 2    🔁 0    💬 0    📌 0

Testing APIs? Stop guessing what's running under the hood. Use InQL's Engine Fingerprinter in Burp to identify the #GraphQL stack in seconds and save yourself the trial and error.

blog.doyensec.com/2025/12/02/i...
github.com/doyensec/inql

#doyensec #appsec #inql #security #bugbountytips

19.02.2026 20:01 — 👍 1    🔁 0    💬 0    📌 0
Hands typing on keyboard with sparks coming out of the monitor

Introducing SafeUpdater by Michael Pastor - A security-first update framework for Electron apps, built around explicit threat models, integrity and authenticity guarantees, and real attack mitigations. Check it out today!

blog.doyensec.com/2026/02/16/e...

#AppSec #Electron #doyensec #security

17.02.2026 15:50 — 👍 0    🔁 0    💬 0    📌 0
CONFidence 2025: Szymon Drosdzol - API Authorization Antipatterns
YouTube video by PROIDEA Events

If you missed our Szymon Drosdzol's presentation on "API Authorization Antipatterns" at CONFidence (@confidenceconf), or just want to see it again, it's your lucky day! The video is now available here: www.youtube.com/watch?v=Jje2.... Hope you enjoy it!

#appsec #doyensec #security

05.02.2026 20:16 — 👍 1    🔁 0    💬 0    📌 0
Auditing Outline. Firsthand lessons from comparing manual testing and AI security platforms · Doyensec's Blog

Humans vs. AI? We put them to the test in our new post! We went head-to-head with AI tools to see who would win. Check it out today to see the results!

blog.doyensec.com/2026/02/03/o...

#appsec #doyensec #outline #ai

03.02.2026 17:37 — 👍 0    🔁 0    💬 0    📌 0

Set your #xss hunting 🎯 on easy mode! In the latest edition of our Eval Villain video series, Dennis Goodlett demonstrates the time-saving power of the "needles" feature.

youtu.be/LI9QOuQDduE

#appsec #doyensec #bugbountytips #security

29.01.2026 16:27 — 👍 0    🔁 0    💬 0    📌 0
Sponsors

🥳 Doyensec is proud to announce our sponsorship of the UC Davis Cyber Security Club! 💻🔐

We're committed to supporting the next generation of #cybersecurity talent 📚🧗

daviscybersec.org/sponsors/

#appsec #doyensec #infosec #ucdavis

27.01.2026 17:48 — 👍 0    🔁 0    💬 0    📌 0

In our latest blog post, Szymon Drosdzol provides an in-depth walkthrough of using the #frida toolkit to demonstrate the right way to intercept OkHTTP traffic. This is essential knowledge for #android security research!

Check it out: blog.doyensec.com/2026/01/22/f...

#appsec #doyensec #security

23.01.2026 02:09 — 👍 0    🔁 0    💬 0    📌 0

🎉 We'd like to welcome our newest intern (and second Luca), Luca Molteni! We're confident he'll be the next amazing engineer to emerge from our proven internship program. 🚀

#appsec #doyensec #security #internship

19.01.2026 16:30 — 👍 0    🔁 0    💬 0    📌 0

📢 Just published - the third video in our series on Eval Villain. Our Dennis Goodlett walks through using it to find 🔎 a DOM XSS to demonstrate its functionality. Check it out today!
youtu.be/Hp7TexA6vFg

#appsec #doyensec #security #evalvillain #xss

15.01.2026 16:49 — 👍 0    🔁 0    💬 0    📌 1

In the second post on Eval Villain, @bemodtwz walks through the quick & easy setup and its configuration. Check it out & start finding those client-side vulnerabilities today!

youtu.be/-hIA5uLNFck

Download: github.com/swoops/eval_...

#appsec #doyensec #security

08.01.2026 19:49 — 👍 0    🔁 0    💬 0    📌 1

Happy New Year from the #Doyensec team!

30.12.2025 21:23 — 👍 0    🔁 0    💬 0    📌 0

🥂🤖 A toast to 9 years of #Doyensec!

Nine years of pushing application security forward, breaking things so others don’t, & helping teams build with security from day one. 🍸

Cheers to the bugs we’ve found, the apps we’ve strengthened, & the many secure years still to come. 🎉

19.12.2025 15:01 — 👍 0    🔁 1    💬 0    📌 0

Happy Holidays everyone! ☃️ We’re taking a break next week for our annual shutdown to celebrate another successful year and give our team time to recharge. 🙌
#doyensec #appsec #security

15.12.2025 15:56 — 👍 0    🔁 0    💬 0    📌 0
Introducing Eval Villain
YouTube video by Doyensec

We’re excited to share the first video in our Eval Villain series from our Dennis Goodlett.

This powerful security tool is designed to uncover client-side vulnerabilities and help defenders spot risky patterns.

youtu.be/2dUoOyYKkzU

#doyensec #appsec #security #evalvillain #xss

09.12.2025 23:54 — 👍 0    🔁 0    💬 0    📌 1
InQL v6.1.0 Just Landed with New Features & Contribution Swag! 🚀 · Doyensec's Blog

If you're interested in contributing to this awesome #FOSS security project for #graphql, we're rewarding contributions!

You can learn about the latest release here: blog.doyensec.com/2025/12/02/i... and check out the project here: github.com/doyensec/inql

#doyensec #security #opensource

02.12.2025 18:36 — 👍 2    🔁 0    💬 0    📌 0

🚀 inQL v6.0.1 is out!
Our GraphQL security tool got big upgrades. ⚡
• Schema Brute-Forcer
• Server Engine Fingerprinting
• Automatic Variable Generation
• Performance boosts & other improvements

Details: blog.doyensec.com/2025/12/02/i...

#doyensec #graphql #appsec #security

02.12.2025 18:36 — 👍 3    🔁 0    💬 1    📌 0

We’re proud that #Doyensec was selected to help secure the IETF — and to share the first batch of vulnerabilities we uncovered. Read more in the newly published advisories 👇

github.com/ietf-tools/x...
github.com/ietf-tools/x...

#appsec #security

13.11.2025 19:34 — 👍 0    🔁 0    💬 0    📌 0

We’re super excited to welcome Yassine Bengana to the Doyensec team! 🎉

He’s bringing serious AppSec skills and great vibes — can’t wait to see the cool stuff we’ll break (and build) together 🔥

#AppSec #infosec #Doyensec

05.11.2025 19:00 — 👍 1    🔁 0    💬 0    📌 0

The #Doyensec team is back from another great retreat! This time we toured Ireland 🇮🇪 and even met a working 🐑 sheep dog! What a great chance for our remote team to connect IRL! Also, a big thank you 🙏 to our tour guide Antonio!
#security #appsec #remote

30.10.2025 18:43 — 👍 0    🔁 0    💬 0    📌 0

Going to be near Dublin this Wednesday (10/22)? Come join #Doyensec for an evening of drinks (🍻/☕), networking, and great conversations about all things #appsec & #cybersecurity.

RSVP here: docs.google.com/forms/d/1fa4...

#Infosec #Pwn2Own #BSidesDublin #OWASPIreland #security

20.10.2025 14:53 — 👍 1    🔁 0    💬 0    📌 0
SQUID-2025:2 Information Disclosure in Error handling. Due to a failure to redact HTTP Authentication credentials Squid is vulnerable to an Information Disclosure attack. ...

🚨 Just released - details on a serious vulnerability from our Leonardo Giovannini's research! An Information Disclosure allowing a remote attacker to identify security tokens/credentials when #squid is used for load balancing. 🚨

#doyensec #appsec #security #vulnerability

github.com/squid-cache/...

17.10.2025 17:23 — 👍 0    🔁 0    💬 0    📌 0

If you want, you can also RSVP via email at dublin@doyensec.com

14.10.2025 16:12 — 👍 0    🔁 0    💬 0    📌 0
People chatting about appsec over drinks

Live in or passing through #Dublin en route to #pwn2own? If you're in #appsec join #doyensec to talk #security over drinks (🍺 or ☕️) Oct. 22nd! Want to talk about our job openings or upcoming projects, that's great too!

RSVP here: docs.google.com/forms/d/1fa4...

cc: @bsidesdublin.bsky.social

14.10.2025 15:33 — 👍 1    🔁 0    💬 1    📌 1

In our final ksmbd research post @73696e65.bsky.social provides a detailed walkthrough for exploiting a local privilege escalation vulnerability. If you're interested in learning more about exploitation on modern systems - check it out!

blog.doyensec.com/2025/10/08/k...

#doyensec #appsec #security

08.10.2025 16:26 — 👍 1    🔁 0    💬 0    📌 0
Paged Out! Deeply technical zine. And it's free.

🧞 Your wish has been granted - the latest @pagedout.bsky.social edition is out! In it, our Szymon Drosdzol takes a quick look at #vibecoding, walking through the creation of an AI agent 🤖. Check it out today!

#doyensec #appsec #ai #Security

pagedout.institute

06.10.2025 14:59 — 👍 2    🔁 0    💬 0    📌 0

📢 Our latest blog post shows why VBScript’s Randomize + Rnd are terrible for cryptographic token generation. See how attackers can easily recover seeds and secrets.
🔗 blog.doyensec.com/2025/09/25/y...

#doyensec #appsec #security #crypto

25.09.2025 16:40 — 👍 0    🔁 0    💬 0    📌 0
Incomplete fix for GHSA-p46v-f2x8-qp98 · Issue #937 · prest/prest This is a followup on GHSA-p46v-f2x8-qp98. I spent some time looking into the mitigations introduced. While some of them perform adequate validation of user-controlled input, there are instances wh...

🚨 Security Advisory 🚨

Systemic SQL Injection vulnerability in pREST.

Details from our Viktor Chuchurski's bypassing the initial fix were also published:
github.com/prest/prest/...

#Doyensec #AppSec #Security #PostgreSQL #SQLInjection

19.09.2025 14:52 — 👍 0    🔁 0    💬 0    📌 0
Systemic SQL Injection. Summary: pREST provides a simple way for users to expose access their database via a REST-full API. The project is implemented using the Go programming language and is designed to expose access t...

🚨 Security Advisory 🚨

Systemic SQL Injection vulnerability in pREST!

Initial report details published: github.com/prest/prest/...

#Doyensec #AppSec #Security #PostgreSQL #SQLInjection

19.09.2025 14:52 — 👍 0    🔁 0    💬 1    📌 0

We'd like to welcome our newest addition Marcelino "Marce" Siles Rubia! Another success story from our #internship program! The future of #appsec is looking bright 😎 at #doyensec!

04.09.2025 18:53 — 👍 0    🔁 0    💬 0    📌 0