PentesterLab's Blog: Insights, weekly research highlights, and deep dives into web security, code review, and pentesting.

RSS
Filter: All Research APPSEC AuthZ CAREER Code Review Insight JWT PENTESTING
Weekly Research

Research Worth Reading - Week 10, 2026

🔒 IronCurtain: A Personal AI Assistant Built Secure from the Ground Up • 🚥 mitmproxy for fun and profit: Interception and Analysis of Application Traffic • ⛓️‍💥 Authentication Bypass in pac4j

PentesterLab Mar 8, 2026
Weekly Research

Research Worth Reading - Week 9, 2026

💻 Browser-Based Port Scanning in the Age of LNA • 🪟 100+ Kernel Bugs in 30 Days • ⛈️ vinext: Vibe-Hacking Cloudflare's Vibe-Coded Next.js Replacement

PentesterLab Mar 1, 2026
Insight

What you don't see

More and more, with the progress of coding agents, people are rewriting software.And honestly, it looks easy. You write a good ...

Louis Nyffenegger Mar 1, 2026 · 9 min read
Weekly Research

Research Worth Reading - Week 8, 2026

🦫 CTFtime.org / justCTF [*] 2020 / Go-fs / Writeup • ☕️ Almost Impossible: Java Deserialization Through Broken Crypto in OpenText Directory Services • 😱 Vulnerability Disclosure: JWT Authentication Bypass in OpenID Connect Authenticator for Tomcat

PentesterLab Feb 22, 2026
Weekly Research

Research Worth Reading - Week 7, 2026

⨐ Breaking Down CVE-2026-25049: How TypeScript Types Failed n8n's Security • ⚒️ Introducing Augustus: Open Source LLM Prompt Injection Tool • 🤺 When Two Parsers Disagree: Exploiting Query String Differentials for XSS

PentesterLab Feb 16, 2026
APPSEC PENTESTING

Playing Tag with GCM

It all started with a CVE. It feels like it always does 😉. CVE-2025-54887 (CVSS 9.1) disclosed a missing GCM authentication ...

Louis Nyffenegger Feb 13, 2026 · 10 min read
Insight

What Dependency Management Can Learn from Certificate Management?

There was a time when certificate management was a constant source of outages. Not because TLS is complicated, and not because ...

Louis Nyffenegger Feb 10, 2026 · 15 min read
Insight

When Code Is Cheap, What Happens to AppSec?

With Anthropic's Opus 4.5, Ralph Wiggum Loop and GastOwn, a few people on the bleeding edge of AI-based software development are ...

Louis Nyffenegger Feb 10, 2026 · 6 min read
Weekly Research

Research Worth Reading - Week 6, 2026

🤖 Semgrep's Agent Skills • 🤿 Shaking the MCP Tree: A Security Deep Dive • 🤖 Evaluating and mitigating the growing risk of LLM-discovered 0-days

PentesterLab Feb 8, 2026
AuthZ APPSEC APPSEC

Killing IDORs in Rails Applications: Make the Database Say "No" By Default

Rails is great at making the happy path simple. You need a record, you write Model.find(params[:id]). You need an authorization check, ...

Louis Nyffenegger Feb 5, 2026 · 16 min read
Insight

Need for Speed: AI, Security, and Productivity

Security and privacy have always been about doing the right thing while balancing it with staying productive. People do not work ...

Louis Nyffenegger Feb 3, 2026 · 5 min read
Weekly Research

Research Worth Reading Week 05/2026

🪟 Corrupting the Hive Mind: Persistence Through Forgotten Windows Internals • ␛ On the clock: Escaping VMware Workstation at Pwn2Own Berlin 2025 • 🪲 Insecure Defaults Detection

PentesterLab Feb 2, 2026