Sergey Toshin

Founder, Head Of Security Research at Oversecured

United States
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts

Summary

🤩
Rockstar
🎓
Top School
Sergey Toshin is a founder and security researcher with over a decade focused on mobile app security, having topped Google Play and Samsung bug bounty programs and ranked among HackerOne’s top contributors. He founded Oversecured to turn his hands-on bug hunting into an automated scanner that combines SAST and DAST, delivers PoCs, integrates with CI/CD, and achieves <3% false positives across 175+ vulnerability categories. His 1,000+ accepted reports and $1M+ in bounty earnings reflect deep practical knowledge of real-world mobile weaknesses that many teams overlook. Sergey also contributes to open-source tooling—improving the JADX decompiler’s resource and XML handling—illustrating his ability to bridge research, tooling, and product. Trusted by enterprises like TikTok, Google, MercadoLibre and Expedia, he helps security and engineering teams ship faster without sacrificing safety. He pairs relentless offensive research with product-first automation to make mobile apps secure by default.
code9 years of coding experience
job4 years of employment as a software developer
bookPlekhanov Russian University of Economics
bookMoscow State University of Economics, Statistics and Informatics (MESI)
languagesEnglish, Ukrainian, Russian
github-logo-circle

Github Skills (7)

javas10
decompilation10
dex10
resource-management10
android10
xml-parsing10
java10

Programming languages (13)

JavaC++CSSRustScalaGoHTMLKotlin

Github contributions (5)

github-logo-circle
skylot/jadx

Jan 2018 - Dec 2022

Dex to Java decompiler
Role in this project:
userBack-end Developer
Contributions:2 reviews, 20 commits, 27 PRs in 4 years 11 months
Contributions summary:Sergey primarily contributed to the decompiler's core functionality by modifying and updating internal Java classes. Their work involved changes to argument handling, resource management, and XML parsing. They also addressed specific issues, such as generating code for missing Android resources and improving the handling of XML resource files, showcasing a focus on improving the decompiler's accuracy and features. Furthermore, the user enhanced the decompiler's resource handling by supporting the parsing of resources.
dalvikapktoolresharperjava-bytecodeandroid
oversecured/ovaa

Sep 2020 - Jul 2024

Oversecured Vulnerable Android App
Contributions:6 PRs, 8 pushes, 4 comments in 3 years 10 months
vulnerablevulnerable-android-appssecurityandroidandroid-app
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Sergey Toshin - Founder, Head Of Security Research at Oversecured