PentesterLab's Blog

research

Research Worth Reading - Week 8, 2026

🦫 CTFtime.org / justCTF [*] 2020 / Go-fs / Writeup • ☕️ Almost Impossible: Java Deserialization Through Broken Crypto in OpenText Directory Services • 😱 Vulnerability Disclosure: JWT Authentication Bypass in OpenID Connect Authenticator for Tomcat

2026-02-22
Research

Research Worth Reading - Week 7, 2026

⨐ Breaking Down CVE-2026-25049: How TypeScript Types Failed n8n's Security • ⚒️ Introducing Augustus: Open Source LLM Prompt Injection Tool • 🤺 When Two Parsers Disagree: Exploiting Query String Differentials for XSS

2026-02-16

Playing Tag with GCM

Playing tag with GCMIt all started with a CVE. It feels like it always does 😉. CVE-2025-54887 (CVSS 9.1) disclosed a ...

2026-02-13 - 10 min read

What Dependency Management Can Learn from Certificate Management?

There was a time when certificate management was a constant source of outages. Not because TLS is complicated, and not because ...

2026-02-10 - 15 min read

When Code Is Cheap, What Happens to AppSec?

With Anthropic's Opus 4.5, Ralph Wiggum Loop and GastOwn, a few people on the bleeding edge of AI-based software development are ...

2026-02-10 - 6 min read
Research

Research Worth Reading - Week 6, 2026

🤖 Semgrep's Agent Skills • 🤿 Shaking the MCP Tree: A Security Deep Dive • 🤖 Evaluating and mitigating the growing risk of LLM-discovered 0-days

2026-02-08

Killing IDORs in Rails Applications: Make the Database Say "No" By Default

Rails is great at making the happy path simple. You need a record, you write Model.find(params[:id]). You need an authorization check, ...

2026-02-05 - 16 min read

Need for Speed: AI, Security, and Productivity

Security and privacy have always been about doing the right thing while balancing it with staying productive. People do not work ...

2026-02-03 - 5 min read
Research

Research Worth Reading Week 05/2026

🪟 Corrupting the Hive Mind: Persistence Through Forgotten Windows Internals • ␛ On the clock: Escaping VMware Workstation at Pwn2Own Berlin 2025 • 🪲 Insecure Defaults Detection

2026-02-02
Research

Research Worth Reading Week 04/2026

🤯 On the Coming Industrialisation of Exploit Generation with LLMs • 🚨 Cloudflare Zero-day: Accessing Any Host Globally • 🤖 Claude Magic String Denial of Service

2026-01-26

CVE-2026-23993: JWT authentication bypass in HarbourJwt via “unknown alg”

I didn't know Harbour even existed as a language when I found this bug. The fun part is that I also ...

2026-01-21 - 8 min read
Research

Research Worth Reading Week 03/2026

🤖 AI models are showing a greater ability to find and exploit vulnerabilities on realistic cyber ranges • 🏴‍☠️ Pwning Claude Code in 8 Different Ways • 🔐 The State of OpenSSL for pyca/cryptography

2026-01-18
Research

Research Worth Reading Week 01/2026

💧 Cross-Site ETag Length Leak • 🛠️ Detect Go's silent arithmetic bugs with go-panikint • 💎 Ruby Array Pack Bleed

2026-01-06

Research Worth Reading Week 51/2025

A quieter week that perfectly fits the two deep dives! 📚 ORM Leaking More Than You Joined For The latest opus ...

2025-12-21 - 0 min read

Research Worth Reading Week 50/2025

SAML bypasses & LLM-assisted crash triage. 🔒 The Fragile Lock: Novel Bypasses for SAML Authentication Ruby SAML falls again. An extraordinary ...

2025-12-14 - 0 min read

Research Worth Reading Week 49/2025

WAF bypasses, CVE research & constant-time crypto. ⏰ Introducing constant-time support for LLVM to protect cryptographic code Trail of Bits explains ...

2025-12-07 - 1 min read

Research Worth Reading Week 47/2025

Articles worth reading discovered last week. This week feels like a giant "how to find your own CVE"... 🤖 An Evening ...

2025-11-23 - 1 min read

Research Worth Reading Week 46/2025

Android, Request Smuggling and Markdown Sanitizer! 📸 Pixnapping Attack It has been a while since the last vulnerability with its own ...

2025-11-16 - 1 min read

Research Worth Reading Week 45/2025

Busy week: Android, Django and MCP! 🤖 Runtime Android Object Instrumentation A great write-up on runtime instrumentation for Android using SQLite ...

2025-11-09 - 1 min read

Research Worth Reading Week 44/2025

Passports, WIFI and AI-SAST! 🛂 The cryptography behind electronic passports A great write-up on the security of electronic passports using a ...

2025-11-02 - 0 min read

Research Worth Reading Week 43/2025

Another great week! 🧠 CSP Bypass Search What if there was a place you could copy/paste a CSP policy and instantly ...

2025-10-26 - 1 min read

6 Easy Bugs to Find in Golang Source Code Reviews

Security code review doesn't have to be intimidating. In Go codebases, certain patterns appear repeatedly. These mistakes are easy to spot ...

2025-10-15 - 9 min read

Research Worth Reading Week 41/2025

AI, AI, SSRF-XSLT! 🤖 Building the Leading Open-Source Pentesting Agent: Architecture Lessons from XBOW Benchmark The latest write-up on how to ...

2025-10-12 - 0 min read

Research Worth Reading Week 40/2025

ADB and JWT, a quiet but interesting week! 🚙 Technical Advisory: Tesla Telematics Control Unit - ADB Auth Bypass Learn how ...

2025-10-05 - 0 min read

Research Worth Reading Week 38/2025

Content worth checking discovered last week: 🤖 Hacking with AI SASTs A great write-up evaluating the current state of AI-augmented SAST: ...

2025-09-28 - 0 min read

Tabletop Exercises For Appsec Teams

Tabletop exercises are the secret weapon for building resilient AppSec teams. They're not just training; they're relationship builders, blind spot finders, ...

2025-09-19 - 9 min read

Research Worth Reading Week 36/2025

A good mix of everything to please everyone: CVEs, AI, Integrity Bypass and Unicode 🛠 ksmbd - Fuzzing Improvements and Vulnerability ...

2025-09-08 - 1 min read

How Devise Solves Session Invalidation in Rails

Rails relies on signed sessions to keep track of logged-in users. Since Rails 5.2, those sessions use AES GCM for authenticated ...

2025-09-03 - 5 min read

Security Twins: Learning From Your Software’s Closest Relatives

When you are doing code review, penetration testing, bug bounty or threat modeling, it is easy to get tunnel vision and ...

2025-08-31 - 5 min read

How Fluid Attacks Trains Every Tester with PentesterLab’s Code Review Badge

For the past few months, I’ve been noticing a pattern on LinkedIn: people celebrating their success in obtaining our Code Review ...

2025-08-27 - 5 min read

Research Worth Reading Week 34/2025

Stop everything you’re doing! Phrack is out! 📰 Phrack Issue 0x48 The latest Phrack is out! As usual, lots of amazing ...

2025-08-24 - 1 min read

Research Worth Reading Week 31/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2025-08-10 - 1 min read

Research Worth Reading Week 29/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2025-07-27 - 1 min read

Research Worth Reading Week 28/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2025-07-14 - 1 min read

Research Worth Reading Week 25/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2025-06-23 - 2 min read

Research Worth Reading Week 24/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2025-06-15 - 2 min read

Demonstrate Your Hacking Skills with N-Day Analysis & Security-Mechanism Deep Dives

TL;DR: You don’t need a fresh 0-day to prove you can hack. Break down existing vulnerabilities and security mechanisms instead. You’ll ...

2025-06-09 - 5 min read

Research Worth Reading Week 23/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2025-06-09 - 1 min read

Sharpen Your Recon Skills for Free: Claim Our Free Recon Badge Today

Enumeration is where every great hack starts. Our Recon Badge gives you a realistic playground to master those first, crucial steps ...

2025-06-03 - 5 min read

Research Worth Reading Week 22/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2025-06-01 - 1 min read

Research Worth Reading Week 21/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2025-05-25 - 1 min read

Research Worth Reading Week 20/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2025-05-18 - 1 min read

Research Worth Reading Week 19/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2025-05-11 - 1 min read

The Ultimate Guide to JWT Vulnerabilities and Attacks (with Exploitation Examples)

JSON Web Tokens (JWTs) are widely used for authentication, authorization, and secure information exchange in modern web applications. They're often used ...

2025-05-05 - 33 min read

Research Worth Reading Week 18/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2025-05-04 - 1 min read

Pentester vs. Security Researcher: Skills, Career Paths, and What to Expect

The Perceived HierarchyIn the world of offensive security, many people view security research as the ultimate goal, a prestigious badge of ...

2025-04-24 - 4 min read

Do You Care About Exploitability?

When reviewing code, you often uncover problematic patterns or weaknesses. Unfortunately, discovering something concerning doesn't automatically mean you have found an ...

2025-04-19 - 4 min read

Research Worth Reading Week 14/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2025-04-06 - 0 min read

Research Worth Reading Week 13/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2025-03-30 - 1 min read

The State of JWT Libraries on JWT.io: A Security Concern

JWT.io is widely known among developers for its convenient JWT debugger and its curated list of libraries supporting JSON Web Tokens ...

2025-03-28 - 4 min read

Research Worth Reading Week 12/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2025-03-23 - 2 min read

Research Worth Reading Week 11/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2025-03-16 - 1 min read

Introduction to Secure Code Review

Secure code review is a fundamental practice in software security, aimed at identifying vulnerabilities, weaknesses, or areas for security improvement directly ...

2025-03-12 - 9 min read

Research Worth Reading Week 10/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2025-03-09 - 1 min read

Vulnerabilities Are Cattle, Not Pets

For years, organizations have relied on CVSS to assess and prioritize vulnerabilities. The framework was built by incredibly smart people, and ...

2025-02-25 - 7 min read

How AI-Generated Code Is Changing Secure Code Review

I’ve been thinking a lot about AI-generated code lately—and the impact it has and will continue to have on security code ...

2025-02-24 - 6 min read

Research Worth Reading Week 08/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2025-02-23 - 1 min read

Why You Hate Code Review (And How to Fix It)

I recently gave a workshop at OWASP Bay Area and presented a fresh slide deck. My main goal was to explain ...

2025-02-18 - 3 min read

Research Worth Reading Week 07/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2025-02-17 - 2 min read

I Don’t Want My Devs to Become Hackers!

When talking with security folks about the benefits of running an internal Capture the Flag (CTF) event or signing developers up ...

2025-02-13 - 5 min read

Research Worth Reading Week 06/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2025-02-10 - 2 min read

On Pentesting and Code Review Strategies

I often get asked about pentesting and code review methodologies. It seems like people are hoping for a secret sauce that ...

2025-02-04 - 6 min read

Research Worth Reading Week 05/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2025-02-02 - 1 min read

Learn Web Pentesting: Invariants and Feedback Loops

We recently released a lab on MongoDB IDOR and how to guess ObjectIds. Basically, you need to find the ObjectId of ...

2025-01-28 - 6 min read

Minimal Changes Vulnerability Testing: Why Less is More in Security

A lot of people, when testing for security issues, jump right into "full exploitation" mode. They might flip multiple parameters in ...

2025-01-27 - 7 min read

Research Worth Reading Week 04/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2025-01-26 - 1 min read

OWASP Top 10: What It Is and How to Really Use It

With the new version of the famous OWASP Top 10 on the horizon, it’s a great time to talk about its ...

2025-01-21 - 8 min read

Research Worth Reading Week 03/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2025-01-19 - 0 min read

How Homogenization of the Development Process Scales Application Security

In a world where software vulnerabilities and data breaches dominate headlines, application security has become a top priority. Yet achieving consistent, ...

2025-01-16 - 8 min read

Networking but not TCP/IP

When we talk about “networking” in InfoSec—especially for aspiring pentesters—most people immediately think of IP addresses, ports, and three-way handshakes. But ...

2025-01-11 - 9 min read

The Role of Security Code Review Training for Developers

Training developers in security code review goes beyond simply enhancing their ability to write secure code. It equips them with the ...

2025-01-09 - 5 min read

Scoping a Security Code Review

Scoping a security code review is a critical step in ensuring a successful engagement. Without proper scoping, you risk falling into ...

2025-01-06 - 10 min read

Research Worth Reading Week 01/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2025-01-05 - 1 min read

The "Engineer Mind": Visualizing Code and Architecture for Successful Pentesting and AppSec Engineering

While developing the "Criminal Mind" is crucial for uncovering vulnerabilities, there is another equally important skill to master: developing the "Engineer ...

2025-01-05 - 9 min read

The "Criminal Mind" in Security Testing: Nature or Nurture?

In the world of security testing and vulnerability research, there’s a specific mindset that sets some individuals apart—a way of thinking ...

2025-01-03 - 10 min read

Password Reset Code Review and Pentest Checklist

A secure password reset process is a cornerstone of account security for any web application. If not implemented correctly, it can ...

2025-01-02 - 9 min read

What to Expect from a Security Internship

Security internships are a fantastic way to learn, gain experience, and establish a foothold in the cybersecurity industry. However, they come ...

2025-01-01 - 8 min read

How People Use PentesterLab: Beyond the Usual Training

PentesterLab is widely recognized as a top-tier training platform for application security (AppSec) professionals, penetration testers, and code reviewers. However, our ...

2024-12-25 - 4 min read

Research Worth Reading Week 51/2024

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2024-12-23 - 1 min read

Leveraging PentesterLab for Application Security Engineers

PentesterLab is a comprehensive platform designed for application security engineers focused on identifying weaknesses, vulnerabilities, and areas for improvement in real-world ...

2024-12-23 - 4 min read

Another JWT Algorithm Confusion Vulnerability: CVE-2024-54150

Recently, I was in Brisbane to give a talk on JWT algorithm confusion vulnerabilities. During a conversation with my friend Luke ...

2024-12-20 - 7 min read

New Year, New Hacker Me

As we gear up for the new year, many of us reflect on how we can improve and grow. For those ...

2024-12-19 - 5 min read

PentesterLab Roadmap: Learn Bug Bounty Step-by-Step

Bug bounty hunting has become an exciting way to develop security skills, earn some extra income, and contribute to securing applications ...

2024-12-18 - 7 min read

Research Worth Reading Week 50/2024

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2024-12-16 - 1 min read

Reading Between the Lines: A Guide to Thoughtful Learning in Security

My friend Luke recently published a great blog post titled: The Ruby on Rails _json Juggling Attack. Please make sure you ...

2024-12-12 - 6 min read

How to Securely Design Your JWT Library

I've read the source code of many JWT libraries—some might say, too many. In doing so, I've seen patterns of both ...

2024-12-10 - 6 min read

Research Worth Reading Week 49/2024

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2024-12-08 - 2 min read

Exploring CORS Vulnerabilities in Rust: Patterns and Bypasses

After my recent article on CORS Vulnerabilities in Go: Vulnerable Patterns and Lessons, I started exploring similar issues in Rust. Interestingly, ...

2024-12-05 - 2 min read

CORS Vulnerabilities in Go: Vulnerable Patterns and Lessons

If you read this blog regularly, you know that I like looking at CVE. I do that to create labs and ...

2024-12-02 - 5 min read

Research Worth Reading Week 48/2024

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2024-12-01 - 2 min read

Encoding Is Not Magic

When talking with aspiring hackers, bug bounty hunters, or application security engineers, it often feels that there’s some misunderstanding around encoding. ...

2024-12-01 - 3 min read

5 Essential Activities For Aspiring Web Hackers

Web hacking is a domain that rewards curiosity, persistence, and a hands-on approach to learning. To master the intricacies of web ...

2024-11-27 - 6 min read

Hacking with Curl!

If you want to take your web skills to the next level, one tool you really need to master is curl. ...

2024-11-25 - 7 min read

Research Worth Reading Week 47/2024

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2024-11-24 - 1 min read

How JWT Libraries Block Algorithm Confusion: Key Lessons for Code Review

When I wrote the first lab on algorithm confusion, I remember spending a bit of time trying to find a vulnerable ...

2024-11-20 - 25 min read

Research Worth Reading Week 46/2024

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2024-11-17 - 0 min read

How split() Can Prevent None Exploitation in JWT Validation

When doing security code review, you sometimes come across infuriating code—code that appears to be vulnerable but isn't, due to unexpected ...

2024-11-13 - 7 min read

Research Worth Reading Week 45/2024

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2024-11-10 - 3 min read

Mitigating Risks of Command Execution in Compromised Directories

A notable threat in application security arises when applications execute commands within directories that may be under an attacker's influence. It's ...

2024-11-07 - 4 min read

Research Worth Reading Week 44/2024

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2024-11-03 - 0 min read

Research Worth Reading Week 43/2024

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2024-10-27 - 2 min read

The Diminishing Value of Secure Coding Training

In the early days of software development, secure coding was indispensable in safeguarding applications against common security threats. Developers had to ...

2024-10-24 - 5 min read

Research Worth Reading Week 42/2024

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2024-10-21 - 1 min read

Mastering Hacking Through Deliberate Practice

In many sports and activities, deliberate practice is the key to improvement. Chess masters break down their training into openings, middle ...

2024-10-18 - 5 min read

Research Worth Reading Week 41/2024

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2024-10-15 - 1 min read

The Value of Code Reviews Without Bugs

In the world of application security and code review, there’s a misconception that the success of a review is measured solely ...

2024-10-10 - 7 min read

Research Worth Reading Week 40/2024

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2024-10-07 - 1 min read

Hiring Your First AppSec Engineer: The Technical Interview

In a previous blog post titled "Hiring Your First AppSec Engineer", we discussed some key recommendations for hiring your first application ...

2024-10-02 - 8 min read

Research Worth Reading Week 39/2024

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2024-09-30 - 1 min read

Hiring Your First AppSec Engineer

Recently, I was asked by a CISO for recommendations on hiring their first AppSec or product security professional. This sparked a ...

2024-09-25 - 9 min read

Research Worth Reading Week 38/2024

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2024-09-24 - 2 min read

From CVE to Swarm: A Case Study on CVE-2024-32963

One of the things I enjoy doing is looking at CVEs. I find it a great way to learn about new ...

2024-09-20 - 8 min read

The Power of Wasting Time

In today’s world, there is an overwhelming obsession with productivity. Efficiency is the gold standard, and procrastination is seen as the ...

2024-09-18 - 5 min read

Research Worth Reading Week 37/2024

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2024-09-15 - 2 min read

OR 1=1 -- is Dying

One of the classic examples of SQL Injection is using ' or 1=1 -- in a username to bypass the authentication ...

2024-09-13 - 6 min read

Clever Developers, Costly Mistakes

In the world of software development, the allure of writing clever code is strong. Developers, especially those who are highly skilled, ...

2024-09-10 - 8 min read

Research Worth Reading Week 36/2024

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2024-09-09 - 1 min read

Why Settle for a Bug When You Can Catch a Swarm?

The discovery of a new bug or the analysis of a Common Vulnerabilities and Exposures (CVE) can often feel like a ...

2024-09-02 - 10 min read

Research Worth Reading Week 35/2024

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2024-09-01 - 1 min read

The Certification Trap

I woke up this morning and saw that yet another certification is now available. You can now be "XYZ" certified! The ...

2024-08-30 - 6 min read

Secure Coding Training Versus Security Code Review Training

In the field of application security, two crucial types of training often come up: secure coding training and security code review ...

2024-08-29 - 7 min read

Research Worth Reading Week 34/2024

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2024-08-25 - 1 min read

Effective Note-Keeping for Web Security Code Reviews

One of the recurring questions I get during my Web Security Code Review Training is how to keep notes when multiple ...

2024-08-20 - 11 min read

Research Worth Reading Week 33/2024

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2024-08-18 - 2 min read

The Difference between Good and Bad Code Reviewers

Bad code reviewers use grep... well, good code reviewers use grep, but they are good code reviewers! You are probably not ...

2024-08-15 - 4 min read

Spotting Discrepancies in Security Code Reviews

When running our Web Security Code Review Training, I use an analogy on the difference between "They are French" and "They ...

2024-08-12 - 4 min read

Research Worth Reading Week 32/2024

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2024-08-11 - 1 min read

Good Enough - A look at Golang http.ServeFile

As a security engineer, and like many people in security, I prefer bulletproof solutions to patches that fix only half of ...

2024-08-06 - 3 min read

Research Worth Reading Week 31/2024

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2024-08-04 - 1 min read

ORM Leak Exploitation Against SQLite

We are currently building our ORM Leak labs and found a quirk worth sharing. The goal of our labs is to ...

2024-07-30 - 5 min read

Research Worth Reading Week 30/2024

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2024-07-29 - 1 min read

What makes a Language More Secure

When it comes to the security of programming languages, the conversation often revolves around memory safety and typing. These features, while ...

2024-07-26 - 5 min read

Is PHP REALLY Getting Better?

There’s been a lot of chatter about PHP being insecure, but as Luke Stephens points out in his article, "People who ...

2024-07-23 - 8 min read

Research Worth Reading Week 29/2024

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2024-07-22 - 2 min read

The Journey from Pentesting to Security Code Review

I think the hardest part for pentesters transitioning into security code review is going back to the low level of confidence ...

2024-07-18 - 4 min read

Research Worth Reading Week 28/2024

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

2024-07-15 - 1 min read

What Developers Get for Free

One effective way to accelerate your security code review or pentest is to understand what developers get for free! In this ...

2024-07-10 - 8 min read

The Power of Scripting in Web Hacking

In web hacking, scripting is a key skill that separates good hackers from great ones. If you follow top web hackers, ...

2024-07-03 - 5 min read

6 Questions to Ask When Interviewing for an AppSec Role

You wrote the perfect resume, the interview is going well! Now the classic “Do you have any questions for us?” is ...

2024-06-14 - 5 min read

Embrace the suck!

When handling customer support for PentesterLab, we often get emails from people who can’t solve a challenge: “… I have been ...

2024-06-03 - 2 min read

Don't Let Tools Spoil Your Hacking Education

In the world of hacking, the right tools can make all the difference. However, when you’re just starting out, it’s crucial ...

2024-05-29 - 6 min read

Beating the code review plateaux

In every field, people eventually hit plateaux in their progression. Security code review is no different. In this article, we explore ...

2024-05-03 - 4 min read

Interview with Ryan Montgomery aka 0day

Tell a bit more about yourself? My name is Ryan Montgomery, also known in the cybersecurity world as 0day. I’ve been ...

2023-09-01 - 3 min read

Algorithm Confusion Attacks against JWT using ECDSA

JSON Web Tokens (JWT) are widely used for authentication in modern applications. As their use increases, so does the importance of ...

2023-08-03 - 5 min read

A strategy to land your first pentest job

In this blog post, we are going to cover a strategy to help you get a job as a pentester or ...

2021-12-16 - 11 min read

How to start reviewing code?

Too often (me included), savvy code reviewers recommend to get started into code review by “Just reading code” and that is ...

2021-10-28 - 7 min read

Who do you trust?

I recently found a small issue in some TLS clients. More precisely, it is more of a difference between what happens ...

2020-06-03 - 3 min read

/i considered harmful

After reading this blog post on a bug in Github and Unicode, I started playing more and more with Unicode (even ...

2020-03-26 - 3 min read

Articles worth-reading from 2019

Every week, our twitter account @PentesterLab publishes a list of articles worth-reading. This is the list of all the articles for ...

2020-01-02 - 3 min read

I don't need no proxy

For a long time, I have been looking at solving a simple problem: be more efficient when scaling vulnerability research/bug hunting. ...

2019-12-30 - 4 min read

Easy Capture-The-Flag Challenges

When building a Capture-The-Flag (for a conference), you need to have a good mix of very easy challenges and very hard ...

2019-08-28 - 3 min read

Invest in QA!

One of the common advice when trying to improve security at scale is to invest in QA. In this article, we ...

2019-08-16 - 5 min read

Building Blocks

Since it’s something I’m really passionate about, I have decided to spend more time writing about application security at scale. Today ...

2019-06-19 - 9 min read

CVE-2019–5418: on WAF bypass and caching

If you follow PentesterLab on Twitter, you probably saw the following tweet: Want to bypass WAF when exploiting CVE-2019-5418 ? curl ...

2019-04-04 - 3 min read

CVE-2019–5420 and defence-in-depth

In this short article, I’m going to discuss a little bit on the exploitability of CVE-2019–5420. Ruby-on-Rails offers three different environments ...

2019-03-19 - 4 min read

Interview with a PRO user: Pamela O’Shea

Tell me a bit more about yourself? Current occupation? Aspirations? Twitter? I run my own security business called Shea Information Security ...

2019-02-05 - 6 min read

Should I go to university?

One of the questions I often get asked is whether or not I recommend going to university/engineering school/… or to get ...

2018-12-26 - 7 min read

Interview with a PRO user — Borja Berastegui

Tell me a bit more about yourself? Current occupation? Aspirations? I’ve been playing with computers for a while now, until I ...

2018-09-19 - 3 min read

Interview with a PRO user — Robert Kluger

Tell me a bit more about yourself? Current occupation? Aspirations? Twitter? I’m Robert Kugler (@robertchrk), a 22 year-old penetration tester & ...

2018-07-26 - 2 min read

Interview with a PRO user — WONG Wai Tuck

Tell me a bit more about yourself? Current occupation? Aspirations? I started using PentesterLab at around 2014. At that point of ...

2018-07-09 - 5 min read

NullCon HackIM 2018 web4 — The fast way?

The HackIM 2018/NullCon CTF just wrapped up. PentesterLab wrote 3 challenges for this CTF: “JWT V” (web4) worth 200 points “JWT ...

2018-02-13 - 5 min read

10 common mistakes aspiring/new pentesters make

At PentesterLab, we have been helping thousands of people become pentesters or better pentesters: with PentesterLab PRO offering for students/individuals/enterprises with ...

2018-01-08 - 11 min read

The Interview

Since you now have the perfect resume, you probably land some interviews! We decided to put together some advices on how ...

2017-07-22 - 9 min read

Retesting

One of most common and potentially most painful task you will have to perform as a penetration tester is retesting. If ...

2017-07-11 - 8 min read

Use docker for your pentesting labs!

If you are familiar with PentesterLab, you may have looked into our Play XML Entities exercise. Recently, we decided to create ...

2017-06-28 - 6 min read

Writing a good resume

As a pentester, most clients will judge your work by the quality of your reports. Your resume is the best way ...

2017-04-05 - 5 min read

Advice for new pentesters

We put together some advice for new pentesters; we hope you will like them! Be precise One of the key issues ...

2017-03-27 - 10 min read

Scoping a pentest

Scoping is one of the most important parts of a penetration testing engagement as it will determine if you will be ...

2017-03-10 - 12 min read

How to keep your pentest team on top of their game

Ensuring that your team stays up-to-date is a hard problem. The security field is always evolving and new vulnerabilities and attacks ...

2017-03-04 - 2 min read

Keeping Notes during a Pentest or Code Review

Keeping notes is one of the key aspects of penetration testing. In this article I’m going to share some information on ...

2017-03-03 - 4 min read