PentesterLab's Blog: Insights, weekly research highlights, and deep dives into web security, code review, and pentesting.

How "Strengthening Crypto" Broke Authentication: FreshRSS and bcrypt's 72-Byte Limit

As part of our CVE monitoring, we came across GHSA-pcq9-mq6m-mvmp (CVE-2025-68402), an authentication bypass in FreshRSS, a self-hosted RSS aggregator. It ...

By Louis Nyffenegger March 10, 2026 · 10 min read

Filter: All Research APPSEC AuthZ CAREER Code Review Insight JWT PENTESTING

Writing a good resume

As a pentester, most clients will judge your work by the quality of your reports. Your resume is the best way ...

Louis Nyffenegger Apr 5, 2017 · 5 min read

PENTESTING CAREER

Advice for new pentesters

We put together some advice for new pentesters; we hope you will like them! Be precise One of the key issues ...

Louis Nyffenegger Mar 27, 2017 · 10 min read

PENTESTING

Scoping a pentest

Scoping is one of the most important parts of a penetration testing engagement as it will determine if you will be ...

Louis Nyffenegger Mar 10, 2017 · 12 min read

PENTESTING

How to keep your pentest team on top of their game

Ensuring that your team stays up-to-date is a hard problem. The security field is always evolving and new vulnerabilities and attacks ...

Louis Nyffenegger Mar 4, 2017 · 2 min read

Code Review PENTESTING

Keeping Notes during a Pentest or Code Review

Keeping notes is one of the key aspects of penetration testing. In this article I’m going to share some information on ...

Louis Nyffenegger Mar 3, 2017 · 4 min read