An open API service indexing awesome lists of open source software.

https://github.com/dweinstein/dweinstein


https://github.com/dweinstein/dweinstein

Last synced: 4 months ago
JSON representation

Awesome Lists containing this project

README

          

[![GitHub](https://img.shields.io/badge/GitHub-%40dweinstein-239a3b.svg)](https://github.com/dweinstein)
[![Twitter](https://img.shields.io/badge/Twitter-%40insitusec-58a1f2.svg)](https://twitter.com/insitusec)
[![LinkedIn](https://img.shields.io/badge/Linked-in-0c66c3.svg)](https://www.linkedin.com/in/dweinst/)
![](https://komarev.com/ghpvc/?username=dweinstein)

## CTO, Researcher, Developer, Security, Privacy, AI, and product development enthusiast

Hi there! I'm David, a passionate developer, early adopter, and team builder. I love solving hard problems at any scale or part of the stack.

### πŸ”§ Projects & Contributions
* πŸ“± At [NowSecure](https://www.nowsecure.com/), I work with the product management, development, engineering, and research teams to enable automated application security and risk management solutions at scale.
* :tophat: Although a significant portion of my work is for private companies, I enjoy contributing to communities while hacking on various hobby projects. I also like exploring radical new approaches to knowledge and code management e.g., [Glamorous Toolkit](https://github.com/feenkcom/gtoolkit), or fixing less maintream, more niche technical things like [Erlang](https://www.erlang.org/) client generation for the [openapi-generator](https://github.com/OpenAPITools/openapi-generator) project. In the past, I developed a [Node.js API client](https://github.com/dweinstein/node-google-play) for the Google Play Store to download APKs. I rewrote that client in Rust [here](https://github.com/dweinstein/rs-google-play), which was [forked by EFF](https://github.com/EFForg/rs-google-play).
* πŸ—ƒοΈ [db_sampler](https://github.com/dweinstein/db_sampler): An Elixir tool for sampling rows from PostgreSQL databases and exporting to NDJSON. Supports table sampling with limits/ordering and SQL templates with EEx. Built with the adapter pattern for testability. [Docs](https://dweinstein.github.io/db_sampler/)
* πŸ” [deps_checker](https://github.com/dweinstein/deps_checker): A Python tool for identifying vulnerable dependencies in mobile applications by analyzing SBOM data. Targets npm supply chain attacks and cross-references against known vulnerable package versions. Zero external dependencies, CI/CD friendly.
* πŸš€ I particularly like working in areas where I can leverage a broad set of skills ranging from AI, APIs, mobile technologies, reverse engineering, security, and privacy. I enjoy working with product and technology teams, collaborating on all sorts of challenging problems and projects within an enterprise B2B organization.
* πŸ› οΈ Lately I use a lot of tools especially [Glamorous Toolkit](https://github.com/feenkcom/gtoolkit), [Frida](https://github.com/frida/frida), [Radare](https://github.com/radareorg/radare2), and working on projects involving iOS or Android, [mitmproxy](github.com/mitmproxy/mitmproxy), and more.
* 🐳 I've been an early adopter of many new technologies and like to rediscover old technologies and make them new. Sometimes I document my learnings through blog posts, e.g., [some handy docker articles from 2014](http://bitjudo.com/blog/2014/03/13/building-efficient-dockerfiles-node-dot-js/), which was back in the early days when everyone was learning how best to use containerization with development projects.
* 🧠 Currently thinking a lot about things interconnected with AI, product management, cybersecurity, development, and operations.

### πŸ›‘οΈ Resources & Blog Posts
* πŸ”— I try and maintain [awesome-frida](https://github.com/dweinstein/awesome-frida): A curated list of awesome projects, libraries, and tools powered by Frida.
* πŸ“– [OWASP Crackme Solution solved with Frida](https://www.nowsecure.com/blog/2017/04/27/owasp-ios-crackme-tutorial-frida/): I wrote this a long time ago to provide a comprehensive guide on solving a OWASP Crackme challenge for mobile app security enthusiasts while showcasing some of the amazing tools we've built.
* 🌩️ [Cloudbleed Vulnerability and its Impact on Mobile App Security](https://www.nowsecure.com/blog/2017/02/23/cloudflare-cloudbleed-bugs-impact-mobile-apps/): An example that demonstrates the type of data I've worked with a deep dive into the Cloudbleed vulnerability and its implications for mobile app security at the time.
* [Post-Quantum Cryptography: Security in Mobile Apps](https://www.linkedin.com/pulse/post-quantum-cryptography-security-mobile-apps-david-weinstein?utm_source=rss&utm_campaign=articles_sitemaps) An article I wrote about quantum's impact on mobile apps.
* [September 8, 2025 - Major NPM Supply-Chain Attack: Potential Impact on Mobile Applications](https://www.nowsecure.com/blog/2025/09/08/major-npm-supply-chain-attack-potential-impact-on-mobile-applications/)): Attackers compromised popular packages like `chalk`, `debug`, and `ansi-styles` with over 2 billion weekly downloads, injecting malware designed to intercept cryptocurrency transactions and steal credentials.
* [September 16, 2025 - New NPM Supply Chain-Attack Hits 187 Packages β€” Here’s Why Mobile Apps Are Still at Risk](https://www.nowsecure.com/blog/2025/09/16/new-npm-supply-chain-attack-hits-187-packages-heres-why-mobile-apps-are-still-at-risk/): 187 additional packages were compromised, some even poossibly targeting mobile development ecosystems including NativeScript, Angular mobile components, and React Native adjacent packages.

### 🌟 My Skills & Expertise
* πŸ“ˆ I enjoy helping customers solve challenges, discussing growth opportunities, entrepreneurship.
* πŸš€ Proficient in TypeScript/JavaScript/Node.js, Smalltalk/Pharo, Rust, Erlang, Python, C/C++, and other languages with a REPL, hot code loading, and convenient FFI.
* πŸ€– Experienced with various product management tools, frameworks, and platforms... I'm always eager to learn and adopt or adapt old and new technologies.
* πŸŒ‰ Skilled in fostering collaboration and building strong relationships with my team members and business stakeholders ranging from super technical to non-technical alike.