Szymon Drosdzol (@tell1c0)'s Twitter Profile
Szymon Drosdzol

@tell1c0

Senior Security Engineer @Doyensec

ID: 1636366410606845952

16-03-2023 13:59:03

9 Tweets

31 Followers

117 Following

Doyensec (@doyensec)

Our newest #oss project, from Maxence SCHMITT - CSPTPlayground (github.com/doyensec/CSPTP…) helps you learn how to find and exploit various client-side path traversal vulnerabilities. Level up and check it out today! #doyensec #appsec #CSPT #security

Doyensec (@doyensec)

Calling all security-minded #opensource coders! We're offering rewards 🎁 for meaningful contributions to #inql our #Burpsuite extension for #graphql security! DM us for details and let us know your background/interest level. #doyensec #oss #security github.com/doyensec/inql

Doyensec (@doyensec)

📢Attention #appsec people! Our latest #burpsuite extension, Prototype Pollution Gadgets Finder (by RoloMijan) is available in the BApp Store. Install today to find & exploit server-side prototype pollution vulns! #doyensec #bugbountytips #ctf #security portswigger.net/bappstore/fcbc…

Doyensec (@doyensec)

In the latest Doyensec research, our Norbert Szetei (73696e65) takes a closer look at the SMB3 Kernel Server (ksmbd) component of the Linux kernel. Check it out today & learn what he found, which led to multiple CVEs! #Doyensec #Appsec #Security #Linux blog.doyensec.com/2025/01/07/ksm…

Informatyk Zakładowy (@infzakladowy)

Krzysztof K. 🇺🇦 I have seen result previews from the cache. Google Dorks exposing PHPMyAdmins without authentication. Attack ships on fire gliding near the Belt of Orion. All those moments will be lost in time, like tears in rain.

Szymon Drosdzol (@tell1c0)

OAuth vulnerabilities are everywhere—some attacks even resurface every few years due to its complexity. To help, eljoselillo7 and I created a guide on OAuth flows & attacks + a cheat sheet to verify your implementation. Check it out! #OAuth #CyberSecurity #AppSec

Szymon Drosdzol (@tell1c0)

After many late nights and busted apps as a security consultant at Doyensec, I trained my spidey senses 🕷️ to detect when API code is practically begging for auth vulns. Join me at #CONFidence2025 for common pitfalls, and tips for writing secure authz from the start.

Doyensec (@doyensec)

🚨Just posted🚨: Learn about real-world API authorization vulnerabilities we frequently see with the slides from Szymon Drosdzol's recent presentation at confidenceconf in Krakow. doyensec.com/resources/CONF… #doyensec #appsec #security

Doyensec (@doyensec)

🚨Security Advisories🚨: multiple vulnerabilities in Retool (Retool), including host header injection and CSRF - discovered by Doyensec and the Robinhood (Robinhood) Red team! docs.retool.com/disclosures/cv… docs.retool.com/disclosures/cv… #doyensec #appsec #security #retool #robinhood

Doyensec (@doyensec)

🚨Security Advisory🚨 Systemic SQL Injection vulnerability in pREST! Initial report details published: github.com/prest/prest/se… #Doyensec #AppSec #Security #PostgreSQL #SQLInjection

Doyensec (@doyensec)

🧞Your wish has been granted - the latest PagedOut edition is out! In it, our Szymon Drosdzol takes a quick look at #vibecoding, walking through the creation of an AI agent🤖. Check it out today! #doyensec #appsec #ai #Security pagedout.institute