After several years of experience in big tech companies and startups, we understand the need for security automation to improve efficacy and efficiency during SDLC activities. Our exposure to real-life solutions deployed by organizations to solve complex security problems taught us how to design and implement robust security mechanisms.

    Doyensec has the right combination of skillsets to design, develop, tune and deploy security tools and prototypes. We are uniquely equipped to recommend opportunities for security improvement and then help to implement those controls.

    Security automation is the capability to apply security solutions that scale at the speed of the business. We're an offensive security firm working with the frame of reference of a blue team. When we discover a vulnerability we don't stop there, but instead automate the process to improve coverage and efficiency. Whether bugs are sparse or dense, we leverage tools like R2C’s semgrep to discover security anti-patterns across codebases.

    We've created fuzzers for esoteric protocols and file formats, built tools to scan the Internet for vulnerabilities and developed swiss-army-knife Burp Suite plugins. Doyensec develops and maintains widely-used open source tools such as InQL, Electronegativity and VMware’s Burp-Rest-API. We’re also the creator of ElectroNG, the only commercial scanner for ElectronJs. We advocate craftsmanship in what we build and are capable of providing ready to use solutions for security testing and automation.


    Implementing resilient security solutions requires a combination of software engineering skills with an offensive security mindset. At Doyensec, we take pride in building software just as much as we enjoy breaking it.

    Software prototyping projects are handled with a high degree of customization to provide a unique solution, and suit the customer's specific needs. We're a research-driven application security consultancy that builds tailored solutions on multiple platforms through multiple languages.

    We have developed patches for software products, and security libraries to defend against common web attacks and have created proof-of-concept code to demonstrate innovative defensive techniques.

Security Tools Development

  • Design and Deployment of Proprietary / OSS Security Testing Tools
  • Custom Development of Security Testing Tools
  • Grammar-based Fuzzers
  • Mutation-based Fuzzers
  • Instrumentation with Popular Fuzzers (e.g., libfuzzer, AFL)
  • Integration with Google’s oss-fuzz
  • Development of Burp Suite Extensions
  • Development of R2C Semgrep Rules
  • Scanning and Fuzzing Infrastructures

Software Prototyping

  • Security Patches
  • Validation Libraries (e.g., against Deserialization, SSRF Vulnerabilities)

CI/CD Security Integrations

  • Static Application Security Testing (SAST)
  • Dynamic Application Security Testing (DAST)

our research articles

Research is one of our founding principles and we invest in it heavily. All of our researchers have the privilege to use %25 of their time exclusively for self-directed research.

show more publications