
Szymon Drosdzol

Security Consultant at Doyensec

Kraków, Poland
English, Polish

Talks Delivered: 1

Events Spoken At: 1

Countries Visited: 1

Years Speaking: 1

Total Talks Given: 1

About

I spoke at CONFidence 2025, one of the most established infosec conferences in Central Europe. My talk focused on advanced API authorization vulnerabilities and practical exploitation techniques, drawing from real-world engagements. I’ve compressed years of pentesting and secure code review experience into research-driven content and I’m eager to bring more of that to the stage.

Speaking Topics & Expertise

Areas of Expertise

API Security
Application Security
Cyber Security
GraphQL Security
Mobile Security
Network Security
Microservices Security
Web Security
Web Application Security
Dependency Confusion
NPM Security
Authentication
OAuth
SAML
Ethical Hacking
Penetration Testing
Vulnerability Research
Architecture
Security

Presentation Types

Technical Talk

Audience Types

Developers
Engineers
Security Professionals
Security Engineers
Penetration Testers
All Levels

Speaking History

2025

API Authorization Anti-Patterns

CONFidence 2025
June 3, 2025
Kraków, Poland
Technical Talk
Conference
API Security
Application Security
Web Application Security
Web Development
Architecture

In my career as a security consultant and pentester at Doyensec, I’ve dug through dozens of codebases — big, small, famous, and not-so-famous. One of the biggest lessons I’ve learned? Authorization bugs are surprisingly common, even in mature, well-built systems. After countless late nights and busted apps, I’ve trained my spidey senses to detect when an architecture is practically begging for an authorization bypass. At CONFidence Conference 2025, I’ll cover:

- Real-world examples of vulnerabilities

- Common code patterns that lead to them

- The systemic root causes beyond the typical “missing authorization check in endpoint handler”

- Practical advice for writing secure authorization logic

- Cheat codes for teams low on story points but high on security ambition


Connect

@tellic0
SzymonDrosdzol
LinkedIn Profile

Experience Level

beginner