PentesterLab's Blog: Insights, weekly research highlights, and deep dives into web security, code review, and pentesting.

How "Strengthening Crypto" Broke Authentication: FreshRSS and bcrypt's 72-Byte Limit

As part of our CVE monitoring, we came across GHSA-pcq9-mq6m-mvmp (CVE-2025-68402), an authentication bypass in FreshRSS, a self-hosted RSS aggregator. It ...

By Louis Nyffenegger March 10, 2026 · 10 min read

Filter: All Research APPSEC AuthZ CAREER Code Review Insight JWT PENTESTING

CAREER PENTESTING

Pentester vs. Security Researcher: Skills, Career Paths, and What to Expect

The Perceived HierarchyIn the world of offensive security, many people view security research as the ultimate goal, a prestigious badge of ...

Louis Nyffenegger Apr 24, 2025 · 4 min read

APPSEC

Do You Care About Exploitability?

When reviewing code, you often uncover problematic patterns or weaknesses. Unfortunately, discovering something concerning doesn't automatically mean you have found an ...

Louis Nyffenegger Apr 19, 2025 · 4 min read

Research Worth Reading Week 14/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

PentesterLab Apr 6, 2025 · 0 min read

Research Worth Reading Week 13/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

PentesterLab Mar 30, 2025 · 1 min read

JWT

The State of JWT Libraries on JWT.io: A Security Concern

JWT.io is widely known among developers for its convenient JWT debugger and its curated list of libraries supporting JSON Web Tokens ...

Louis Nyffenegger Mar 28, 2025 · 4 min read

Research Worth Reading Week 12/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

PentesterLab Mar 23, 2025 · 2 min read

Research Worth Reading Week 11/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

PentesterLab Mar 16, 2025 · 1 min read

Code Review

Introduction to Secure Code Review

Secure code review is a fundamental practice in software security, aimed at identifying vulnerabilities, weaknesses, or areas for security improvement directly ...

Louis Nyffenegger Mar 12, 2025 · 9 min read

Research Worth Reading Week 10/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

PentesterLab Mar 9, 2025 · 1 min read

Vulnerabilities Are Cattle, Not Pets

For years, organizations have relied on CVSS to assess and prioritize vulnerabilities. The framework was built by incredibly smart people, and ...

Louis Nyffenegger Feb 25, 2025 · 7 min read

Code Review

How AI-Generated Code Is Changing Secure Code Review

I’ve been thinking a lot about AI-generated code lately—and the impact it has and will continue to have on security code ...

Louis Nyffenegger Feb 24, 2025 · 6 min read

Research Worth Reading Week 08/2025

h5::after { display:none !important; } .tag-color { background-color: #448AB1; } h7 { font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", ...

PentesterLab Feb 23, 2025 · 1 min read