Code audits, pentests, and reverse engineering — backed by automation.
We do code audits, pentests, mobile application analysis, and reverse engineering. Every engagement is scoped to real risk — validated findings, clear severity, and remediation you can act on.
We start by understanding your system: what’s exposed, where data flows, and which trust boundaries matter. Then we test what’s actually reachable and exploitable so your team fixes the right things first.
No theoretical risk lists. We validate exploitability so you fix what actually matters.
Every issue comes with root cause, reproduction steps, and remediation that fits your stack.
We use Joern and targeted dynamic testing to go deeper than scanners, with less noise.
A small sample of published vulnerabilities tied to our research:
Cisco DCNM XSS via HTTP header injection
Unauthenticated cross-site scripting through a crafted header in intercepted requests.
Cisco DCNM information disclosure
Missing authentication allowed access to confidential information via crafted requests.
Cisco DCNM SQL injection
Authenticated SQL injection enabled database data access or modification.
OpenRefine ZIP directory traversal
Relative path traversal in ZIP handling before 3.2 beta.