Behind the Firewall ft. Stu Skove

by Morgan Prost / May 21st, 2026

What happens if your tools get it wrong?

You trust your tools, but what happens when they get it wrong?

While reviewing a newer team member’s finding, our Penetration Tester, Stu, noticed a scanner had misidentified a vulnerability as Server-Side Template Injection (SSTI). Through manual testing, he discovered it was actually a Ruby Code Injection, a flaw that escalated into full remote command execution (RCE) on the server.

From a web application security perspective, jumping from the front-end to executing code on the underlying operating system is the worst-case scenario.

This critical risk had been mislabeled by automation, but Stu’s experience and attention to detail ensured it didn’t go unnoticed.

That’s what makes our pentesters different: our clear, actionable communication is how we turn findings into real security improvements. 

Tools can scan, but it takes a skilled tester to truly understand what’s beneath the surface.