Yunus Aydın

Application Security Engineer | Security Research & AppSec | Black Hat & BSides Speaker | eWPTX - eMAPT - AWS

Istanbul, Türkiye

About

I'm an Application Security Engineer focused on security research and AppSec. I work on finding and responsibly disclosing issues in open-source software and in the supply chain, and I build tools and share what I learn through talks and writing. Research & impact I've discovered and disclosed multiple CVEs in widely used OSS projects and have presented at Black Hat Sector, BSidesBCN, Hacktrick, and IWCON. I've been recognized by Siemens, Microsoft, T-Mobile, Honeywell, Deutsche Telekom, and others for responsible disclosure, and I've contributed to the Google Bug Hunter program. I've also placed 1st in Turkcell UniBounty and 6th at STMCTF with team OutLawz. Tools & community I build and maintain open-source security tools, including projects adopted in Kali Linux and Black Arch, and write about my research and process on my blog. I regularly speak and teach on AppSec, AI security, and secure code review. Credentials eWPTX · eMAPT · AWS Cloud Practitioner. Interested in AppSec, security research, and speaking. Reach out to connect.

Experience

  • Trendyol Group (2 yrs 11 mos)
    • Application Security Engineer
      Jan 2025 - Present · 1 yr 7 mos

      1. Supply chain security Designed and drove rollout of an internal product that scans dependencies, licenses and vulnerabilities across the organization. Over 40,000 repositories are in scope, with pipelines blocking known-malicious packages. 2. Secret scanning & AI False Positive Elimination Scaled secret detection across all repositories and reduced false positives by 53% with AI-based classification. 3. Developer security engagement Ran security tournaments and training for ~400 engineers across 10 teams. Presented at Black Hat Sector, BSidesBCN, Hacktrick, and CIDC while at Trendyol.

    • Associate Security Engineer
      Sep 2023 - Dec 2024 · 1 yr 4 mos

      1. Bug bounty Managing Trendyol’s bug bounty program and day-to-day operations. 2. Vulnerability prioritization and fix process Prioritizing internal findings and contributing to fix workflows.

  • Software Security Engineer at nakitte.com
    Feb 2023 - Jul 2023 · 6 mos

    1. Developed a hospital management system with separate interfaces for doctors and healthcare workers, and helped design a more modern UI and simpler workflows. 2. Owned security for the product: secure design, implementation, and security assessments across the stack.

  • Founder at CantHide
    Aug 2022 - Dec 2022 · 5 mos

    1. Founded and built a product that discovers locations from social media accounts using AI and EXIF metadata for OSINT and security research. CantHide reached over 1K users. 2. Core idea later evolved into exifLooter, an open-source tool adopted in Kali Linux and Black Arch (480+ GitHub stars).

  • Offensive Security Researcher at Turkcell
    Aug 2022 - Oct 2022 · 3 mos

    1. Carried out offensive security research and vulnerability assessments in a telecom environment; discovered and responsibly disclosed a critical vulnerability. 2. Placed 1st in Turkcell UniBounty university bug bounty competition (2022) and 6th at STMCTF with team OutLawz (Turkey’s longest-running CTF, 200+ competitors, 50 teams).

  • Cyber Security Intern at ADEO Cyber Security Services
    Jul 2022 - Jul 2022 · 1 mo

    Contributed to security assessments and internal security processes during the internship.