We’re a boutique security firm with an academic bent but grounded in reality.

We focus on:

  1. Building tools to help security professionals and AppSec teams be more efficient and effective.
  2. Security research, with a focus on automated bug finding and security automation (DevSecOps).
  3. Summarizing and distilling great security research from others.

Our Research

We’ve given talks, moderated panels, and delivered training at conferences all over the world, ranging from BlackHat USA to AppSec USA, AppSec EU, and more.

To date, we’ve:

  • Given over ten talks at conferences in the US, Europe, India, and Asia.
  • Moderated three panels focusing on security automation, with senior security leaders from companies like Apple, Dropbox, Netflix, Slack, Datadog, Snap, DocuSign, Signal Sciences, and more.
  • Had over five papers accepted into peer-reviewed academic conferences.
  • Delivered trainings on penetration testing and lightweight static analysis.

The best place to start is on our Start Here page.

For links to all of our slides, talk recordings, papers, and source code, see our research.

See our blog for more content.

Contact Us

We’d love to hear from you, please reach out!

Keep in Touch

We write about:

  • Application security, scaling security and DevSecOps.
  • Automated bug finding (static and dynamic analysis, fuzzing, etc.)
  • Summaries of current security research, from industry and academic conferences.
  • Evaluating open source and commercial security tools - tips and tricks on using them, how they work, and potential gotchas.
  • How to build your own custom security tools.

Enter your email below and we’ll let you know when we publish something new.

You can read our prior newsletters here.