Subscribe to the CyberThreatPOV Podcast

Episode 157: AppSec Findings In 2025

Web application security continues to evolve, and new vulnerabilities crop up every year. In this episode, Brad and Jordan Natter break down the most notable web app pen test findings from 2025 and what organizations need to know to stay secure.

  • Key differences between web application pen testing and external pen testing
  • Real-world discovery and exploitation of a spreadsheet upload vulnerability
  • The ins and outs of file upload issues, including magic bytes and MIME types
  • Why velocity testing and rate limiting are essential for your login and API pages
  • Common user enumeration flaws and simple steps to fix them

Blog: https://offsec.blog/
YouTube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov

Work with Us: https://securit360.com | Find vulnerabilities that matter, and learn about how we do internal pentesting.

Follow Spencer on social ⬇
Spencer’s Links: https://go.spenceralessi.com/links