// Cybersecurity

Your code tells us everything.

We think like your developers. We test like attackers. CyberLabs is a Dakar-based cybersecurity consultancy offering security research, audits, threat modeling, email security, and training.

What we do

Deep, manual security assessments focused on the application layer, where most real-world breaches happen.

API Security Auditing

We read your API documentation, understand your framework's defaults, and test the actual contract between frontend and backend.

REST, JWT, OAuth, IDOR, RBAC

Email Security

We don't just flag "missing DMARC record." We analyze the full authentication chain, identify spoofing vectors, and assess phishing resilience end to end.

SPF, DKIM, DMARC, BEC, Spoofing

Authentication & Access Control

Session management, privilege escalation, CSRF, rate limiting. We test horizontal and vertical access paths that automated tools overlook.

Session, CSRF, Brute-force, MFA

Web Application Security

OWASP Top 10 methodology with a developer's eye. We find SQL injection, XSS, SSTI, and architectural flaws that scanners miss because we understand how the code works.

SQLi, XSS, SSTI, OWASP

Threat Modeling

We model actual attack chains with real impact: "this SQLi leads to admin hash extraction, which leads to full database access." Concrete context for prioritization.

STRIDE, CIA Triad, Attack Chains

Compliance & Regulatory

Findings mapped to Loi 2008-12, OWASP ASVS, PCI DSS, ISO 27001, and GDPR. Compliance-aware, not compliance-driven. Real risk comes first.

Loi 2008-12, PCI DSS, ISO 27001

How we work

An engineer's approach to security. We find vulnerabilities by understanding how applications are built.

Reconnaissance

DNS records, certificate transparency, technology fingerprinting, API surface mapping. We understand the terrain before testing.

API-First Testing

Start from the API layer. Read Swagger/OpenAPI specs, understand framework defaults, and test the real contract between client and server.

Injection & Access Control

SQL injection, XSS, IDOR, privilege escalation. Every input field, every parameter, every endpoint. Manual and methodical.

Attack Chain Analysis

We connect individual findings into realistic, multi-step exploit scenarios with concrete impact assessments.

Evidence & Reporting

Full proof-of-concept for every finding. Detailed reports in French and English with severity scoring, OWASP mapping, and prioritized remediation.

Remediation Support

Prioritized roadmap (P0/P1/P2). We speak your developers' language because we are developers. Practical fixes, not theoretical advice.

Who we are

CyberLabs SUARL is a cybersecurity consultancy based in Dakar, Senegal. We perform security research, audits, threat modeling, phishing assessments, and security training. All from a software engineering perspective, not a network/infrastructure one.

With 10+ years across secure development, anti-phishing systems, and enterprise security at scale, we bring a unique blend of builder's intuition and attacker's mindset. We've built phishing detection algorithms for APWG and Google Safe Browsing, led email security at dmarcian, and currently conduct security research for Microsoft Defender.

Our focus is the application layer: APIs, authentication, authorization, data exposure, email security, and the architecture decisions that create or prevent vulnerabilities.

  • SANS / GIAC certified
  • Microsoft certified
  • AWS certified

  • 10+ Years in Software & Security
  • 60+ Findings Across Client Engagements
  • 3 Industry Certifications
  • FR/EN Bilingual Delivery

Let's talk

Describe your system. We'll take it from there.

Location: Dakar, Senegal
Company: CyberLabs SUARL