PentesterLab's Blog: Insights, weekly research highlights, and deep dives into web security, code review, and pentesting.

Research Worth Reading - Week 18, 2026

🤖 AI threats in the wild: The current state of prompt injections on the web • 🪟 Persistence Atlas: 19 Techniques Nobody Talks About • 😳 Securing GitHub: Wiz Research uncovers RCE in GitHub.com

May 4, 2026

Filter: All Research APPSEC AuthZ CAREER Code Review Insight JWT PENTESTING

Research Worth Reading Week 39/2024

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

PentesterLab Sep 30, 2024 · 1 min read

Hiring Your First AppSec Engineer

Recently, I was asked by a CISO for recommendations on hiring their first AppSec or product security professional. This sparked a ...

Louis Nyffenegger Sep 25, 2024 · 9 min read

Research Worth Reading Week 38/2024

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

PentesterLab Sep 24, 2024 · 2 min read

Code Review

From CVE to Swarm: A Case Study on CVE-2024-32963

One of the things I enjoy doing is looking at CVEs. I find it a great way to learn about new ...

Louis Nyffenegger Sep 20, 2024 · 8 min read

The Power of Wasting Time

In today’s world, there is an overwhelming obsession with productivity. Efficiency is the gold standard, and procrastination is seen as the ...

Louis Nyffenegger Sep 18, 2024 · 5 min read

Research Worth Reading Week 37/2024

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

PentesterLab Sep 15, 2024 · 2 min read

OR 1=1 -- is Dying

One of the classic examples of SQL Injection is using ' or 1=1 -- in a username to bypass the authentication ...

Louis Nyffenegger Sep 13, 2024 · 6 min read

Code Review

Clever Developers, Costly Mistakes

In the world of software development, the allure of writing clever code is strong. Developers, especially those who are highly skilled, ...

Louis Nyffenegger Sep 10, 2024 · 8 min read

Research Worth Reading Week 36/2024

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

PentesterLab Sep 9, 2024 · 1 min read

Code Review

Why Settle for a Bug When You Can Catch a Swarm?

The discovery of a new bug or the analysis of a Common Vulnerabilities and Exposures (CVE) can often feel like a ...

Louis Nyffenegger Sep 2, 2024 · 10 min read

Research Worth Reading Week 35/2024

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

PentesterLab Sep 1, 2024 · 1 min read

The Certification Trap

I woke up this morning and saw that yet another certification is now available. You can now be "XYZ" certified! The ...

Louis Nyffenegger Aug 30, 2024 · 6 min read