PentesterLab's Blog: Insights, weekly research highlights, and deep dives into web security, code review, and pentesting.

Research Worth Reading - Week 18, 2026

🤖 AI threats in the wild: The current state of prompt injections on the web • 🪟 Persistence Atlas: 19 Techniques Nobody Talks About • 😳 Securing GitHub: Wiz Research uncovers RCE in GitHub.com

May 4, 2026

Filter: All Research APPSEC AuthZ CAREER Code Review Insight JWT PENTESTING

Code Review

Secure Coding Training Versus Security Code Review Training

In the field of application security, two crucial types of training often come up: secure coding training and security code review ...

Louis Nyffenegger Aug 29, 2024 · 7 min read

Research Worth Reading Week 34/2024

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

PentesterLab Aug 25, 2024 · 1 min read

Code Review

Effective Note-Keeping for Web Security Code Reviews

One of the recurring questions I get during my Web Security Code Review Training is how to keep notes when multiple ...

Louis Nyffenegger Aug 20, 2024 · 11 min read

Research Worth Reading Week 33/2024

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

PentesterLab Aug 18, 2024 · 2 min read

Code Review

The Difference between Good and Bad Code Reviewers

Bad code reviewers use grep... well, good code reviewers use grep, but they are good code reviewers! You are probably not ...

Louis Nyffenegger Aug 15, 2024 · 4 min read

Code Review

Spotting Discrepancies in Security Code Reviews

When running our Web Security Code Review Training, I use an analogy on the difference between "They are French" and "They ...

Louis Nyffenegger Aug 12, 2024 · 4 min read

Research Worth Reading Week 32/2024

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

PentesterLab Aug 11, 2024 · 1 min read

Good Enough - A look at Golang http.ServeFile

As a security engineer, and like many people in security, I prefer bulletproof solutions to patches that fix only half of ...

Louis Nyffenegger Aug 6, 2024 · 3 min read

Research Worth Reading Week 31/2024

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

PentesterLab Aug 4, 2024 · 1 min read

ORM Leak Exploitation Against SQLite

We are currently building our ORM Leak labs and found a quirk worth sharing. The goal of our labs is to ...

Louis Nyffenegger Jul 30, 2024 · 5 min read

Research Worth Reading Week 30/2024

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

PentesterLab Jul 29, 2024 · 1 min read

What makes a Language More Secure

When it comes to the security of programming languages, the conversation often revolves around memory safety and typing. These features, while ...

Louis Nyffenegger Jul 26, 2024 · 5 min read