QueDev Security

Automated vulnerability discovery, backed by expert review.

Security assessments built for real impact

We focus on practical exploitability, clear prioritization, and fixes that fit real engineering constraints. Engagements are scoped to outcomes, not page counts.

Our assessments start with a clear model of your system: where data flows, which services are exposed, and what trust boundaries exist. From there we validate reachability and impact so your team spends time on fixes that actually reduce risk. We work alongside engineering and keep communication direct, pragmatic, and respectful of delivery timelines.

What teams typically receive:

  • An attack surface map and test plan aligned to release goals.
  • Validated findings with exploit context, screenshots, and clear severity.
  • Prioritized remediation guidance plus retest criteria to close issues.

Research

Selected CVEs we discovered

A small sample of published vulnerabilities tied to our research.

CVE-2020-3460

Cisco DCNM XSS via HTTP header injection
Unauthenticated cross-site scripting through a crafted header in intercepted requests.

NVD details

CVE-2020-3461

Cisco DCNM information disclosure
Missing authentication allowed access to confidential information via crafted requests.

NVD details

CVE-2020-3462

Cisco DCNM SQL injection
Authenticated SQL injection enabled database data access or modification.

NVD details

CVE-2018-19859

OpenRefine ZIP directory traversal
Relative path traversal in ZIP handling before 3.2 beta.

CVE.org details

Ready for a code audit or pentest?

Contact us at [email protected]