Breaking, building & documenting web security.
EthanH's personal blog covering application security research.
# latest posts
Persistence or Snake-oil: Re-achieving Persistent XSS
Boring old XSS: During 2025 I was determined to understand what it meant to have persistence within a web environment. This led me down a massive rabbit hole… from navigation …
TryHackMe NoScope Early Access Partner
Rise of the Pentest Agents: I was fortunate enough to be a part of the NoScope pentesting agent early access development program backed by TryHackMe. Regardless of the potential …
Breaking the Barrier Part 2
The Star Wars Sequel: During BSides Cape Town this year, I was fortunate enough to be a speaker there and had the opportunity to present the outcomes of my initial research that …
Breaking the Barrier: Exploring WAF Bypass Vulnerabilities
Cracking the Shield: WAF Bypass Techniques Unveiled. Introduction: Web Application Firewalls (WAFs) play a crucial role in safeguarding web applications by filtering and monitoring …
Exploiting the Complex: The WikiJs CSTI Vulnerability
Preface: In today’s tech landscape, integrating front-end and back-end technologies often necessitates complex systems. …