Year in review: 2021 on Pentest-Tools.com

Publisher
Pentest-Tools.com

We say this with a dash of irony (because humor keeps us sane) but also with all seriousness, because, all things considered, the good has outweighed the bad for the Pentest-Tools.com team in 2021.

Sharing milestones with you has become a bit of a tradition for us and we are thankful for the growing community (35k strong on LinkedIn alone!) that keeps us grounded and focused on what really moves the needle in pentesting.

Whether we’re helping our customers navigate the minefield of high-risk CVEs, building new tools and features that complement your pentesting arsenal, or creating detection and exploitation guides for you to use, we strive to do our best day after day. And we’re thankful to all of our peers who do the same in the vast field that is information security – and far beyond it as well.

Top 3 launches on Pentest-Tools.com in 2021

Out of the dozens of improvements we rolled out through our monthly updates this year, three launches stand out:

  • the Sniper Automatic Exploiter tool that mimics real-world exploits and attack techniques to determine the truly vulnerable systems in a fraction of the time compared to manual exploitation;

Ethical vulnerability exploitation is an essential component of the work offensive security specialists do and one of the most challenging aspects it involves.

By harnessing the know-how and skills of our security research team, we can replicate how an attacker would use a high-risk vulnerability and use that sequence in automated, controlled attacks through Sniper.

Sniper essentially gives security pros the ability to move as fast as cybercriminals do and to close security gaps before attackers have a chance to use them to compromise organizations and launch devastating attacks.

Adrian Furtuna, Pentest-Tools.com Founder and CEO

  • the Website Vulnerability Scanner we built from scratch, which runs deeper tests with improved accuracy (and zero compromise on speed), and performs in-depth crawling for sensitive information, among other significant upgrades;

  • the Shared Items & Workspaces feature which improves team collaboration and workflow efficiency with easy, flexible access rights based on team roles.

And it’s not just the customer-facing platform that got multiple powerful updates in 2021. We also launched a new website and a brand refresh which came with a full overhaul in terms of performance, accessibility, consistency, and flexibility.

[Image: old versus new logo]

Top most used pentesting tools in 2021

Out of the 20+ penetration testing tools on the platform, customers from around the world have constantly relied on these 10 to do their job and do it well:

  1. Network Vulnerability Scanner

  2. TCP Port Scanner

  3. Website Vulnerability Scanner

  4. UDP Port Scanner

  5. Find Virtual Hosts

  6. Find Subdomains

  7. Website Recon

  8. SSL/TLS Vulnerability Scanner

  9. Password Auditor

  10. URL Fuzzer

What is interesting is that the top 3 looked a bit different for our community of offensive security specialists on LinkedIn when we asked them to rank their personal favorites. Over 800 people cast their votes and here’s what their pick was:

[Image: LinkedIn poll]

Top Pentest-Tools.com features in 2021

Tools are great, but you know what’s better? Powerful pentesting features that make them work for you and 10X your impact.

That is why we constantly develop and add new features to the platform to chain tools and create thoughtful automation (what we call rocket fuel for pentesters) that serves specific purposes in your workflow.

From the collection of 10+ features on Pentest-Tools.com, customers loved and used these the most:

Top pentesting guides on the blog in 2021

We didn’t stop at launching and improving tools and features on Pentest-Tools.com with every set of monthly updates. We also worked on detection and exploitation guides for penetration testers who use our blog as a source of inspiration for improving their work.

Both evergreen and new guides made it to the top 10 this year, so it might be worth bookmarking this article for your future deep-dives into specific vulnerabilities and their implications:

  1. 5 Practical scenarios for XSS attacks 

  2. Common SQL injection attacks

  3. How to exploit the BlueKeep vulnerability with Metasploit 

  4. Exploiting OGNL Injection in Apache Struts

  5. Inside Nmap, the world’s most famous port scanner

  6. Essential HTTP Headers for Securing Your Web Server

  7. Detect ProxyShell (pre-auth Microsoft Exchange RCE) with Pentest-Tools.com

  8. How to exploit the PHAR Deserialization Vulnerability

  9. How to exploit the DotNetNuke Cookie Deserialization

  10. How to attack F5 BIG-IP using CVE-2020-5902 (TMUI RCE)

To top off these in-depth explorations of CVEs that probably every pentester has to deal with in 2021, we’re adding two general guides that help you streamline your workflow in the common types of engagements:

2021 events and community support

The great people in the infosec community have proved instrumental in keeping the tech ecosystem stable through an eventful year. In fact, as you’re reading this, many of them are still dealing with Log4Shell and have done so for the past weeks, day in and day out.

Their commitment to lifelong learning, constant practice and knowledge sharing are an inspiration for us and proof that we chose the right “tribe” to be part of.

Here’s what we did in 2021 to contribute to the common effort of making the world a bit safer and to help educate others in their pursuit to do the same.

Our contribution to the new OWASP Top 10

This year we became an official Corporate member of OWASP, one of the largest and most helpful tech communities out there.

Our mission aligns with OWASP’s goal to strengthen and improve software security around the world. We did our best to contribute our data and expertise to help the creators of the new and refreshed OWASP Top 10, an industry standard that almost every infosec specialist relies on.

Attending Black Hat Europe 2021 in London

Any opportunity to break the routine and connect with you beyond the screen puts us in a good mood. That’s why we were excited to attend Black Hat Europe this year – both in person and online.

Black Hat Europe 2021 was the first event we attended in person since 2019 and it felt great to reconnect with old friends and meet new ones! Plus, our founder and CEO Adrian Furtuna gave the first-ever live hacking demo of Sniper Automatic Exploiter.

Pentest Ground: free resource to use

We’ve built a website with deliberately vulnerable apps which you can use without authentication to test your tools and skills. It includes vulnerabilities in technologies such as Node.js, Oracle WebLogic, Redis, Metabase, and more.

DefCamp 2021 – a strong community connection, even online

We almost met in person for DefCamp after it skipped an edition in 2020 (we all know why), but the window of opportunity closed a few weeks before the event was supposed to happen. Since adapting is part of our m.o. in infosec, the DefCamp team pulled together and did their first online edition!

As long-time attendees, we were happy that the event happened and with how it brought us all together.

A range of presentations had a strong focus on penetration testing and a bunch of great learnings we’ll share with you as soon as the presentation recordings are live. What’s more, Adrian talked about his experience as an entrepreneur in cybersecurity in a panel that had dozens of teachable moments.

All the speakers really committed and brought their best research and insights during the two days, reminding us all why DefCamp is truly a community event. We hope that next year we’ll get to meet IRL for it!

Pentest-Tools.com team highlights in 2021

The Pentest-Tools.com team at Black Hat Europe 2021

 Adrian Furtuna, Founder & CEO

We are thankful our business has continued to grow and thrive over the past year, in spite of a challenging context everyone is facing on some level.

Our team expanded to keep up with the increasing number of customers, who rely on us as their go-to solution for cloud-based security testing.

We also managed to be on the front lines when critical, widespread vulnerabilities emerged. Our team’s ability to respond fast and help our customers detect them and guide remediation played an instrumental role in promptly reducing the attack surface.

 I’m proud of everyone on the team and grateful for their effort, contribution, and how they continue to support each other and the wider infosec community.

Adrian Furtuna, Founder and CEO

A stronger team that celebrates trust and dedication

The Pentest-Tools.com crew doubled in the past year across the board and also specifically expanded with new team members who joined our vulnerability research team.

Daniel Bechenea, Sniper Lead

2021 has been a constant battle to balance following emerging critical CVEs, developing Sniper from the ground up (and constantly improving it), and growing an autonomous team that can develop modules of huge value to our customers.

From a two-person team at the beginning of the year, we grew into half a dozen people who are strengthening Pentest-Tools.com as a platform for detecting, exploiting, and doing post-exploitation for high-risk vulnerabilities.

Offering our customers a reliable, effective alternative to Metasploit is a challenge we embraced and are pursuing with passion and commitment.

Daniel Bechenea, Security Research Lead

Building for you and with you

Building the tools to amplify your best work cannot happen without spending time with customers to understand what they need. Our customer success team did just that and we plan to double down on it in 2022 and beyond. If you want to talk to us, we’re always here to listen and help.

Mihaita Adina, head of Customer Success Engineer

Our customers were mostly curious to explore new, enhanced security testing tools such as Sniper Automatic Exploiter or the new Website Vulnerability Scanner.

 We received a lot of questions and requests about detecting the Log4Shell vulnerability, which made us happy (and proud) to know customers rely on us to give them the tools they need in trying times that test their limits.  

 In 2021, the customer success team focused on being closer to our customers through more in-depth one-on-one conversations where we actively seek feedback to better understand their specific needs. We always feed these learnings into our product development cycle to make the platform better and stronger every day.

Adina Mihaita, Head of Customer Success  

Growing with intention and focus

Robert Tanase, Product Manager

Pentest-Tools.com grew a lot in 2021 as a product.

 We launched a unique tool in the market – Sniper Auto-Exploiter – which detects and exploits high-risk vulnerabilities automatically.

We followed that with a feature that supports our customers to work with their teams more effectively: Shared Items & Workspaces. Dedicated notifications for specific workspaces also helped offensive security specialists have stronger observability over their assets.

The new Website Scanner also brought new capabilities to Pentest-Tools.com with its ability to reduce false positives.

 A lot happened below the hood, much of which you can see in the monthly platform updates, but also tons of improvements that aren’t directly visible but play a substantial role in making Pentest-Tools.com a reliable arsenal you can always count on.

Robert Tanase, Product Lead

The invisible layer we all depend on

Andrei Pitis, Chairman of the Board

Cybersecurity plays an instrumental part in our daily lives. It makes technology better, helping it contribute to the progress of the human race.

 This might come as a surprise for many people, so here are a few thoughts to sit with.

People don’t ‘see’ cybersecurity. Just as a few other things, like the legal system, the less you notice it, the more useful it is!

 Without cybersecurity, companies wouldn’t be able to have IT systems connected to the Internet. Tech companies would not exist and everyday people wouldn’t be able to have online accounts. The cybersecurity industry also allows governments to store and operate sensitive data in a safe way.

 To defend and protect all this data, we need the skill and expertise of ‘friendly’ attackers – ethical hackers that do professional pentesting.

In 2021, we at Pentest-Tools.com continued to supply them with the tools they need to do their jobs. Each day they use our tools, they make sure infrastructures companies or governments rely on are safe for the rest of the world to use them.

This is our contribution to making the internet a safer place – allowing people to interact, discover, share, and learn without noticing that cybersecurity is there, as part of their daily lives. 

Andrei Pitis, Chairman of the Board

The right people who make everything better

As we wrap up a difficult but rewarding year, we wanted to say THANK YOU for your trust, for your time, for your feedback, and for your personal dedication to this mission we share!

We are grateful for our team, for our customers, and for everyone who remains kind, generous, and supportive, no matter the challenges they face.

Here’s to a year filled with good people and memorable moments we can share and learn from!
