Doyensec works at the intersection of software development and offensive engineering. We discover vulnerabilities others cannot, and help mitigate the risk.

Website: https://doyensec.com
Blog: https://blog.doyensec.com
Careers: https://www.careers-page.com/doyensec-llc

📢 #Doyensec is sponsoring Dev World! We'll be at our booth discussing security research & how to "Build with Security" directly with the #dev community.

Stop by - we'd love to chat!

🗓 May 7–8 | 📍 Amsterdam, Netherlands 🇳🇱

https://devworldconference.com/

#DevWorld #AppSec

DEVWorld 2026

DEVWorld is The Developer Conference for Tech Team! A 2-day Festival of Tech, connecting amazing tech leaders, developers and companies all under one roof.

Did you know you can use #InQL to recreate #GraphQL schema even when the introspection query is disabled? Our Schema Bruteforcer ensures "hidden" doesn't actually mean "off-limits".

Find out more at:
https://blog.doyensec.com/2025/12/02/inql-v610.html
https://github.com/doyensec/inql

#doyensec #appsec #security

AuthN/Z is always a #security minefield & MCP adds even more complexity with agents, remote servers, and transitive trust.

This Teleport-sponsored deep dive breaks down attack vectors & why each auth step is a potential trust boundary.

🔗 https://blog.doyensec.com/2026/03/05/mcp-nightmare.html

#doyensec #appsec #ai

Check out the latest edition of @PagedOut featuring Doyensec's own Bartłomiej (Bartek) Górkiewicz vibing on Reversing Python Bytecode, along with plenty of other great articles!

https://pagedout.institute/download/PagedOut_008.pdf

#appsec #doyensec #security #reversing #pagedout

Testing APIs? Stop guessing what's running under the hood. Use InQL's Engine Fingerprinter in Burp to identify the #GraphQL stack in seconds and save yourself the trial and error.

https://blog.doyensec.com/2025/12/02/inql-v610.html
https://github.com/doyensec/inql

Introducing SafeUpdater by Michael Pastor - A security-first update framework for Electron apps, built around explicit threat models, integrity and authenticity guarantees, and real attack mitigations. Check it out today!

https://blog.doyensec.com/2026/02/16/electron-safe-updater.html

#AppSec #Electron #doyensec #security

If you missed our Szymon Drosdzol's presentation on "API Authorization Antipatterns" at CONFidence (@confidenceconf), or just want to see it again, it's your lucky day! The video is now available here: https://www.youtube.com/watch?v=Jje2MmHTGYs.

Hope you enjoy it!

CONFidence 2025: Szymon Drosdzol - API Authorization Antipatterns

Humans vs. AI? We put them to the test in our new post! We went head-to-head with AI tools to see who would win. Check it out today to see the results!

https://blog.doyensec.com/2026/02/03/outline-audit-q32025.html

#appsec #doyensec #outline #ai

🎯 Make XSS hunting easier and faster

In the latest video in our Eval Villain series, @bemodtwz demonstrates how the “needles” feature can dramatically speed up your search for DOM-based XSS and other injection points.

If you’re doing client-side security testing, this is a great example of how the right tooling can remove friction and help you focus on what matters: finding real vulnerabilities.

👉 Watch here: https://youtu.be/LI9QOuQDduE

#AppSec #Doyensec #BugBounty #security #XSS

Efficient sink mapping with needles

🥳Doyensec is proud to announce our sponsorship of the UC Davis Cyber Security Club! 💻🔐

We're committed to supporting the next generation of #cybersecurity talent 📚🧗

https://daviscybersec.org/sponsors/

#appsec #doyensec #infosec #ucdavis
