PentesterLab's Blog: Insights, weekly research highlights, and deep dives into web security, code review, and pentesting.

How "Strengthening Crypto" Broke Authentication: FreshRSS and bcrypt's 72-Byte Limit

As part of our CVE monitoring, we came across GHSA-pcq9-mq6m-mvmp (CVE-2025-68402), an authentication bypass in FreshRSS, a self-hosted RSS aggregator. It ...

By Louis Nyffenegger March 10, 2026 · 10 min read

Filter: All Research APPSEC AuthZ CAREER Code Review Insight JWT PENTESTING

CVE-2019–5418: on WAF bypass and caching

If you follow PentesterLab on Twitter, you probably saw the following tweet: Want to bypass WAF when exploiting CVE-2019-5418 ? curl ...

Louis Nyffenegger Apr 4, 2019 · 3 min read

CVE-2019–5420 and defence-in-depth

In this short article, I’m going to discuss a little bit on the exploitability of CVE-2019–5420. Ruby-on-Rails offers three different environments ...

Louis Nyffenegger Mar 19, 2019 · 4 min read

Interview with a PRO user: Pamela O’Shea

Tell me a bit more about yourself? Current occupation? Aspirations? Twitter? I run my own security business called Shea Information Security ...

PentesterLab Feb 5, 2019 · 6 min read

Should I go to university?

One of the questions I often get asked is whether or not I recommend going to university/engineering school/… or to get ...

Louis Nyffenegger Dec 26, 2018 · 7 min read

Interview with a PRO user — Borja Berastegui

Tell me a bit more about yourself? Current occupation? Aspirations? I’ve been playing with computers for a while now, until I ...

PentesterLab Sep 19, 2018 · 3 min read

Interview with a PRO user — Robert Kluger

Tell me a bit more about yourself? Current occupation? Aspirations? Twitter? I’m Robert Kugler (@robertchrk), a 22 year-old penetration tester & ...

PentesterLab Jul 26, 2018 · 2 min read

Interview with a PRO user — WONG Wai Tuck

Tell me a bit more about yourself? Current occupation? Aspirations? I started using PentesterLab at around 2014. At that point of ...

PentesterLab Jul 9, 2018 · 5 min read

NullCon HackIM 2018 web4 — The fast way?

The HackIM 2018/NullCon CTF just wrapped up. PentesterLab wrote 3 challenges for this CTF: “JWT V” (web4) worth 200 points “JWT ...

Louis Nyffenegger Feb 13, 2018 · 5 min read

PENTESTING CAREER

10 common mistakes aspiring/new pentesters make

At PentesterLab, we have been helping thousands of people become pentesters or better pentesters: with PentesterLab PRO offering for students/individuals/enterprises with ...

Louis Nyffenegger Jan 8, 2018 · 11 min read

The Interview

Since you now have the perfect resume, you probably land some interviews! We decided to put together some advices on how ...

Louis Nyffenegger Jul 22, 2017 · 9 min read

Retesting

One of most common and potentially most painful task you will have to perform as a penetration tester is retesting. If ...

Louis Nyffenegger Jul 11, 2017 · 8 min read

PENTESTING

Use docker for your pentesting labs!

If you are familiar with PentesterLab, you may have looked into our Play XML Entities exercise. Recently, we decided to create ...

Louis Nyffenegger Jun 28, 2017 · 6 min read