Sergey Toshin

Co-Founder

United States6 yrs 4 mos experience

Highly Stable

Key Highlights

#1 Google Play Security Researcher
$1M+ in Bug Bounties
Secured 3B+ iOS and Android Users

Stackforce AI infers this person is a Mobile Security Expert with a focus on SaaS solutions.

Contact

Skills

Core Skills

Mobile SecurityVulnerability Research

Other Skills

SASTDASTCI/CD IntegrationsVulnerability ScanningBug Bounty HuntingAndroidJavaReverse EngineeringWeb Application SecurityComputer SecurityCybersecuritySwift (Programming Language)Software as a Service (SaaS)iOSSecurity Research

About

For the past decade, I’ve been obsessed with securing mobile apps. I was ranked #1 in Google Play Security Rewards, top in Samsung’s global mobile security program, and among the top 3 on HackerOne. After 1,000+ accepted bug bounty reports and $1M+ in earnings, I realized one thing: mobile apps are far less secure than people think. That’s why I founded Oversecured — to help security and engineering teams ship faster without sacrificing safety: — lowest false positives — highest finding rate — SAST + DAST coverage with automatic PoC — CI/CD integrations Today, teams at TikTok, Google, MercadoLibre, Expedia and dozens of other enterprises trust us to protect their apps, and I’m sure that’s just the beginning.

Experience

6 yrs 4 mos

Total Experience

6 yrs 4 mos

Average Tenure

6 yrs 4 mos

Current Experience

Oversecured

Founder, Head of Security Research

Jan 2020 – Present · 6 yrs 4 mos · San Francisco, California, United States

Oversecured is the #1 automated mobile app vulnerability scanner for iOS & Android, trusted by global leaders like TikTok, Google, MercadoLibre, and Expedia
What we do:
Detect 175+ categories of mobile vulnerabilities with <3% false positives
Combine SAST & DAST for full security coverage
Integrate seamlessly into CI/CD pipelines (GitHub, GitLab, Jenkins, Bitrise)
Provide detailed write-ups & PoC exploits, eliminating manual triage
Save security teams weeks of testing, delivering full audit results in 15 minutes
Why it matters:
Security leaders and AppSec teams use Oversecured to:
Reduce breach risk and meet strict compliance requirements (GDPR, HIPAA, PCI)
Ship mobile app releases faster without sacrificing safety
Free up engineering resources by automating vulnerability detection
Our mission: make mobile apps secure by default

Mobile SecurityVulnerability ResearchSASTDASTCI/CD Integrations

Hackerone

Security Researcher & Bug Bounty Hacker

Jan 2016 – Jan 2020 · 4 yrs

Researching the security of mobile apps (Android and iOS), collecting statistics on the most common developer mistakes, and automating their detection in my product, which is currently known as Oversecured. During my time on HackerOne, I've submitted hundreds of vulnerability reports to over 100 different companies. HackerOne now uses my disclosed reports as an example of vulnerabilities in mobile apps.

Mobile SecurityVulnerability ResearchBug Bounty Hunting