42 results for "SQL injection"

Next.js security alert - how to attack and fix CVE-2025-29927

A single header bypass can compromise your entire Next.js application. Are you at risk? Find out how to fix CVE-2025-29927.

Author(s)

Iulian Tita

Published at: 24 Mar 2025

Milestones

Year in review: 2024 on Pentest-Tools.com

🚀 2024 was one for the books at Pentest-Tools.com! Here are our customers' favorites and what made our year!

Author(s)

Andra Zaharia

Published at: 24 Dec 2024

web app vulnerability scanners benchmark

Security research

Benchmarking our Website Vulnerability Scanner and 5 others

In February 2024, we set out to compare our Website Vulnerability Scanner against some of the established names in Dynamic Web Application Security Testing, both commercial and open-source: Burp Scanner, Acunetix, Qualys, Rapid7 InsightAppSec, and ZAP.

Author(s)

Alexandru Postolache

Published at: 30 May 2024

Network vulnerability scanners benchmark

Security research

Benchmarking our Network Vulnerability Scanner and 6 others

In January 2024, we decided to evaluate the most used network vulnerability scanners - Nessus Professional, Qualys, Rapid7 Nexpose, Nuclei, OpenVAS, and Nmap vulnerability scripts - including our own, which industry peers can validate independently. Here’s why we did it, what results we got, and how you can verify them (there’s a white paper you can download with access to all the results behind this benchmark).

Author(s)

Daniel Bechenea

Published at: 23 May 2024

Gabrielle Botbol guest for We think we know

We think we know podcast

We think we know you can't attack what you don't understand

Gabrielle isn't just a pentester; she's a powerhouse of knowledge, an advocate for cyber education, and a mentor shaping the future of ethical hacking. With 9+ years of experience in cybersecurity, she focuses on sharing it with her community members through practical and valuable resources. In this episode, we continue to ask the meaningful questions: What makes a great pentester? How can you balance the art of manual testing with the efficiency of automation? What is the unique value that pentesters bring to offensive security? And what can't be commoditized in this craft?

Author(s)

Published at: 26 Mar 2024

We think we know podcast

We think we know what it takes to build hacking tools

Why would someone spend a lot of their time making penetration testing tools? Especially when it takes what it takes to maintain them. Today on We think we know, we're peeling back the layers of offensive security with the enigmatic Panagiotis Chartas, also known by his alias - Telemachus - a nod to his Greek heritage and the strategic depth of his expertise.

Author(s)

Published at: 27 Feb 2024

Hacking tutorials

Mastering the essentials of API security with examples for OWASP Top 10 for APIs

When you hear about API (Application Programming Interface), do you get anxious because you don’t understand it very well? Do you feel like you can’t keep up with new technology? If you do, you’re not alone! Take a deep breath. Take another. Excellent! I’ll help you overcome your API security FOMO. In this guide, you’ll learn: how APIs work how to exploit the most common API vulnerabilities real-life examples of data breaches caused by API security issues API security best practices, and much more!

Author(s)

Kelyan Yesil

Published at: 09 Feb 2024

We think we know podcast

We think we know what it feels like when we do a good job

To deliver meaningful results as a pentester you have to be both patient and persistent. You have to love the process and strive for results for your clients. You also have to go in-depth and cultivate a broader understanding of all the pieces of the puzzle. Today’s guest, Willa Riggins, talks about how “every small piece contributes to the larger picture” in pentesting and explains why “it's about understanding the intricacies and appreciating the craftsmanship."

Author(s)

Published at: 30 Jan 2024

How ChatGPT impacts offensive security pros work

Community wisdom

Offensive security pros share how ChatGPT impacts their work

Could 2024 be a pivotal moment for AI in offensive security? We know it challenges us to explore new ways to simplify our work, but how will penetration testers use ChatGPT as a tool for meaningful change? And, most importantly, which new advancements in this space are worth keeping an eye on?

Author(s)

Kelyan Yesil

Published at: 17 Jan 2024

Security research

Securing your Laravel application: A comprehensive guide

As someone who has worked with the Laravel framework for years, I've seen firsthand the importance of taking security seriously. I've seen how simple mistakes lead to disastrous consequences, and I've also seen the benefits of a secure and well-maintained Laravel application.

Author(s)

Published at: 28 Dec 2023

Security research

Roundcube: exfiltrating emails with CVE-2021-44026

Have you ever asked yourself: what is the half-life of a disclosed vulnerability? When should we stop worrying about it?

Author(s)

Published at: 22 Dec 2023

Milestones

Year in review: 2023 on Pentest-Tools.com

What you're about to see is a blend of worn-out keyboards, stubborn research, gallons of coffee, and a dash of frustration, all catalyzed by listening closely to what you, our customers, really want. Mix all of these and you get more than a product, more than a team that’s growing a company on its own terms.

Author(s)

Andra Zaharia

Published at: 22 Dec 2023

Discover our ethical hacking toolkit and all the free tools you can use!

Create free account