Please join us in welcoming **Matei Buzdea** as the newest intern at Doyensec! 🎉 They’re the latest in a long line of talented interns who’ve helped strengthen our team and we’re excited to see what they’ll accomplish. Welcome aboard, Matei! 🔐

#appsec #doyensec #security #internship

🚨 Breaking Secure-Looking Cloud Architectures

At #defcon Singapore Demo Labs, we'll show real cloud security bugs involving AWS Cognito multi-SSO user pools & ELB routing paths.

Including:
• Malicious OIDC Server
• ELBaph (AWS ELB testing utility)

🔗 https://defcon.org/html/defcon-singapore/dc-singapore-demolabs.html

#appsec #doyensec

📢 #Doyensec is sponsoring Dev World! We'll be at our booth discussing security research & how to "Build with Security" directly with the #dev community.

Stop by - we'd love to chat!

🗓 May 7–8 | 📍 Amsterdam, Netherlands🇳🇱

https://devworldconference.com/

#DevWorld #AppSec

Did you know you can use #InQL to recreate #GraphQL schema even when the introspection query is disabled? Our Schema Bruteforcer ensures "hidden" doesn't actually mean "off-limits".

Find out more at:
https://blog.doyensec.com/2025/12/02/inql-v610.html
https://github.com/doyensec/inql

#doyensec #appsec #security

AuthN/Z is always a #security minefield & MCP adds even more complexity with agents, remote servers, and transitive trust.

This Teleport-sponsored deep dive breaks down attack vectors & why each auth step is a potential trust boundary.

🔗 https://blog.doyensec.com/2026/03/05/mcp-nightmare.html

#doyensec #appsec #ai

Check out the latest edition of @PagedOut featuring Doyensec's own Bartłomiej (Bartek) Górkiewicz vibing on Reversing Python Bytecode, along with plenty of other great articles!

https://pagedout.institute/download/PagedOut_008.pdf

#appsec #doyensec #security #reversing #pagedout

Testing APIs? Stop guessing what's running under the hood. Use InQL's Engine Fingerprinter in Burp to identify the #GraphQL stack in seconds and save yourself the trial and error.

https://blog.doyensec.com/2025/12/02/inql-v610.html
https://github.com/doyensec/inql

Introducing SafeUpdater by Michael Pastor - A security-first update framework for Electron apps, built around explicit threat models, integrity and authenticity guarantees, and real attack mitigations. Check it out today!

https://blog.doyensec.com/2026/02/16/electron-safe-updater.html

#AppSec #Electron #doyensec #security

If you missed our Szymon Drosdzol's presentation on "API Authorization Antipatterns" at CONFidence (@confidenceconf), or just want to see it again, it's your lucky day! The video is now available here: https://www.youtube.com/watch?v=Jje2MmHTGYs.

Hope you enjoy it!

Humans vs. AI? We put them to the test in our new post! We went head-to-head with AI tools to see who would win? Check it out today to see the results!

https://blog.doyensec.com/2026/02/03/outline-audit-q32025.html

#appsec #doyensec #outline #ai