Arkadiy Tetelman An application security blog


My name is Arkadiy Tetelman - I’m a staff application security engineer living in San Francisco and working at Lob. Previously I worked at Airbnb, Twitter, and CardSpring (acquired by Twitter).

I graduated from UC Berkeley with degrees in Computer Science and Applied Mathematics.


Some of my currently active open source projects include:

  • ssrf_filter: a ruby gem for protecting against server side request forgery vulnerabilities
  • bounty-targets-data: an hourly-updated repo containing a list of all Hackerone/Bugcrowd in-scope domains
  • aws_public_ips: a tool for fetching all public IP addresses tied to an AWS account
  • dftest: a small command line utility for testing server responses to domain-fronting requests

I also maintain a vulnerability disclosure program on Hackerone for my projects.

Conference Talks:

  • Concrete Steps to Create a Security Culture, BSides San Francisco, March 2019
  • Enlisting Ethical Hackers to Solve Cyber Risk, RIMS Cyber Risk Forum, October 4th 2018
  • Data Driven Bug Bounty, BSides San Francisco, April 15 2018 (slides, video)


I’m available for security consulting and other inquiries. You can email me at:

  • hello{at} [PGP]