I often explain cybersecurity as a stack of three layers — each one relying on the one below:

- Business security
- Infrastructure security
- Software security

At Codean Labs, we focus on the foundation: software security. Because every business process, every piece of infrastructure, it all runs on code. And if that code isn't secure, you're building on quicksand!

Our mission is simple: make the world more #secure which starts by fixing #vulnerabilities at the source.

Are you writing software? Let’s talk, and see how we can make your product, and the world, safer. Schedule a meeting with me at https://lnkd.in/eiEu6ZTj
Codean Labs
Computer and Network Security
Utrecht, Utrecht 179 followers
Codean Labs ethical hackers evaluate the security of your solution and guide you towards vulnerability remediation.
About us
Codean Labs ethical hackers evaluate the security of your solution and guide you towards vulnerability remediation, from design to production and beyond. Codean Labs is an innovator in the cybersecurity sector, with a team that combines several years of hacking background and extensive industry experience.
- Website: https://codeanlabs.com
- Industry: Computer and Network Security
- Company size: 2-10 employees
- Headquarters: Utrecht, Utrecht
- Type: Privately Held
- Specialties: Application pentesting, Whitebox cryptography (WBC) implementations, Cryptographic protocols and architectures, Web applications, Mobile applications, Cloud solutions, Infrastructure-as-Code (IaC), PCI DSS security testing, Full modern software solutions, Embedded and IoT devices, firmware, and hardware, and Desktop applications
Locations
- Primary: Winthontlaan 200, Utrecht, Utrecht 3526 KV, NL
Updates
-
Two of our Codean Labs colleagues evaluated OpenPGP.js and identified a signature spoofing vulnerability. Writeup includes a #PoC where we demonstrate the #vulnerability by spoofing a message by the Dutch government's Cyber Security Center!
-
At Codean Labs we often find these kinds of #vulnerabilities. Hard to find, but critical impact!
#TBT to 2018 I analyzed the security of an IoT thermostat and found that it punctured a hole in my home network security. Even though it is seven years later, the main finding is as relevant as ever: "If not analyzed from a #security perspective, bonafide features can introduce critical logical security #vulnerabilities." If you're building #SaaS or #software, and want peace of mind that your architecture doesn't hide critical logical vulnerabilities — let’s talk. Book a short strategy session: https://lnkd.in/e4iYnF5P Or check out the full analysis from 2018 here: https://lnkd.in/eangNnJ4
-
It's been four years already! Here’s to four more years of making the world more secure!
Today marks exactly four years since Codean — and in many ways, Codean Labs — officially came to life. Since then, we’ve done a lot: Built. Broken. Hired. Fired. Pivoted. Analyzed. Developed. Learned. And, most importantly, helped make a whole lot of software more secure. This is a very old picture of the original vision for the Codean platform. So much has changed — but the core ideas still hold strong. Here’s to four more years to make the world more #secure!
-
At Codean Labs, our mission is to make the world more #secure — and what better way than to secure fundamental open source projects? We identified #CVE-2025-47934, a critical #vulnerability in OpenPGP.js, which can be exploited to spoof signature verification. The advisory is out at https://lnkd.in/eWiUcqZg. More technical details will follow later.
-
Another CVE for the library!
Edoardo Geraci together with Aleandro Prudenzano (from Doyensec) identified #CVE-2025-32464 in #HAProxy which allows an attacker to perform a #DoS attack that crashes the whole HAProxy worker pool if you are using a regsub converter. Patch your HAProxy to version >=3.1.7 or enterprise version 3.1r1 (1.0.0-347.338)! For the technical details, have a read on the Codean Labs blog: https://lnkd.in/eTtYRDZT Big thanks to Doyensec and Aleandro Prudenzano for the collaboration and coordination of the responsible disclosure.