PentesterLab's Blog: Insights, weekly research highlights, and deep dives into web security, code review, and pentesting.

Research Worth Reading - Week 18, 2026

🤖 AI threats in the wild: The current state of prompt injections on the web • 🪟 Persistence Atlas: 19 Techniques Nobody Talks About • 😳 Securing GitHub: Wiz Research uncovers RCE in GitHub.com

May 4, 2026

Filter: All Research APPSEC AuthZ CAREER Code Review Insight JWT PENTESTING

PENTESTING CAREER

Demonstrate Your Hacking Skills with N-Day Analysis & Security-Mechanism Deep Dives

TL;DR: You don’t need a fresh 0-day to prove you can hack. Break down existing vulnerabilities and security mechanisms instead. You’ll ...

Louis Nyffenegger Jun 9, 2025 · 5 min read

Research Worth Reading Week 23/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

PentesterLab Jun 9, 2025 · 1 min read

PENTESTING

Sharpen Your Recon Skills for Free: Claim Our Free Recon Badge Today

Enumeration is where every great hack starts. Our Recon Badge gives you a realistic playground to master those first, crucial steps ...

PentesterLab Jun 3, 2025 · 5 min read

Research Worth Reading Week 22/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

PentesterLab Jun 1, 2025 · 1 min read

Research Worth Reading Week 21/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

PentesterLab May 25, 2025 · 1 min read

Research Worth Reading Week 20/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

PentesterLab May 18, 2025 · 1 min read

Research Worth Reading Week 19/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

PentesterLab May 11, 2025 · 1 min read

JWT

The Ultimate Guide to JWT Vulnerabilities and Attacks (with Exploitation Examples)

JSON Web Tokens (JWTs) are widely used for authentication, authorization, and secure information exchange in modern web applications. They're often used ...

Louis Nyffenegger May 5, 2025 · 33 min read

Research Worth Reading Week 18/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

PentesterLab May 4, 2025 · 1 min read

CAREER PENTESTING

Pentester vs. Security Researcher: Skills, Career Paths, and What to Expect

The Perceived HierarchyIn the world of offensive security, many people view security research as the ultimate goal, a prestigious badge of ...

Louis Nyffenegger Apr 24, 2025 · 4 min read

APPSEC

Do You Care About Exploitability?

When reviewing code, you often uncover problematic patterns or weaknesses. Unfortunately, discovering something concerning doesn't automatically mean you have found an ...

Louis Nyffenegger Apr 19, 2025 · 4 min read

Research Worth Reading Week 14/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

PentesterLab Apr 6, 2025 · 0 min read