Critical Thinking - Bug Bounty Podcast

Episode 139: James Kettle - Pwning in Prod & How to do Web Security Research

Sep 11, 2025
James Kettle, Head of Research at PortSwigger and expert in web security, shares insights on critical vulnerabilities and innovations in the field. He discusses the complexities of HTTP, expressing why he believes HTTP/1.1 should be phased out. Kettle explores strategies to prevent burnout in research, emphasizing the balance between autonomy and team dynamics. The conversation also highlights the evolving role of AI in web security and the importance of clear objectives for effective vulnerability research.
ADVICE

Clarify Research Objectives First

  • Define your research goal clearly (e.g., inspire, enable builds, or publish novel techniques) before choosing methods.
  • Tailor effort and publishing strategy to that objective.
ADVICE

Publish Small, Frequent Research Notes

  • Publish small writeups and tiny tools frequently instead of hoarding long whitepapers.
  • Short posts accumulate visibility and spark collaborations that pay off later.
ANECDOTE

Promotion Protects Research Credit

  • James' early host-header research was reposted by a larger company without attribution and outranked his original post.
  • He learned to aggressively promote his work to retain credit and visibility.