We have experience auditing virtually any type of platform and codebase, working with vendors, enterprises and startups. Combining various techniques and tools, we discover design flaws and implementation vulnerabilities deep within code. We understand complex systems and have extensive defense expertise, which allows us to provide actionable real-life solutions to mitigate vulnerabilities and reduce the exposure.

Our methodology combines source code review with dynamic testing to deliver effective and efficient security auditing. We strongly encourage our clients to provide source code during security testing activities; however, we are also comfortable with traditional black-box testing.

Web Applications and APIs

Our team has decades of experience in web application security with a proven track record of vulnerabilities discovered across hundreds of products and web frameworks. We have invented new classes of attacks and co-authored the OWASP Testing Guide. We speak Java, PHP, Ruby, Python, Node.js, JavaScript, Scala, .NET, Lua and many other programming languages on the web.

When auditing web applications and APIs, we build a profile of the assets and methodically attack and track each form of input into the application. We detail how users interact with the system and model potential oversights in usage and availability. Combining manual testing and custom tooling, we intercept and inspect each request and response between client and endpoint. We find well-known bug classes including Cross-Site Scripting, SQL Injection, Cross-Site Request Forgery, Command Execution, Path Traversal and many more. We seek a deeper understanding of the application in order to find unexpected flaws such as business logic bugs or undisclosed vulnerabilities in the application's dependencies. Findings are reported and prioritized by severity with clear remediation steps. We will find bugs, but that is just the first step in the process.

Mobile Applications

Over the course of years, we've analyzed countless mobile applications for Android, iOS and Windows Mobile. Our in-depth understanding of mobile operating system internals, together with our expertise in application-specific issues, allows us to properly evaluate risks and provide practical remediations.

Through a comprehensive process based on static analysis, instrumentation, and dynamic testing, we study mobile applications from different angles. Starting at the client, we analyze the integration with the operating system to identify improper usage of resources and deviation from established security designs. In this phase, we identify problems such as overly broad permissions, insecure data storage, exposed RPC and IPC capabilities, misuse of the platform's security mechanisms, weak cryptographic providers and others. By inspecting and manipulating the network traffic, we can uncover issues pertaining to authentication and authorization, insecure session management and weak transmission protocols. Lastly, we review each server-side API endpoint with a methodology similar to that used for our web application assessments.

Desktop & Server Applications

Doyensec tears apart all manner of thick clients and server daemons written in a diverse set of languages. We hit the ground running analyzing code written in C, C++, C#, Java and other languages. Our familiarity with operating systems (Windows, Mac OS X, Linux) allows us to quickly evaluate the security posture of the application and identify issues caused by interdependent components.

During review of stand-alone applications and network services, we begin by mapping out the attack surface (IPC/RPC mechanisms, sockets, user-supplied input, etc.) to clearly define the threat model. With static analysis techniques and dynamic testing/instrumentation, we can understand the inner workings of the application even if custom file formats or protocols are used. We build custom tools to exercise the application's behavior with our inputs, which ultimately leads to the discovery of security vulnerabilities. For fuzzing, we use internally-built tools and well-known frameworks to facilitate our audits. Stack and heap overflows, format string bugs, use-after-free, integer overflows, path traversal, and local privilege escalation bugs are just a few examples of the vulnerability classes uncovered during these assessments.

US Office
1250 Clay Street, Suite 208
94108 San Francisco - USA

John Villamil
john@doyensec.com

EMEA Office
Ul. Florianska 6, Suite 1B
03-707 Warsaw - Poland

Luca Carettoni
luca@doyensec.com

When working with Doyensec, you will be working directly with its founders. We are the points of contact, the negotiators, the problem solvers, and the hackers.

For proposals or questions: info@doyensec.com or +1 (628) 333 9093