NEW FEATURE
Cobalt PtaaS + DAST combines manual pentests and automated scanning for comprehensive applications security.
NEW FEATURE
Cobalt PtaaS + DAST combines manual pentests and automated scanning for comprehensive applications security.

Blog

Thoughts, perspectives, and industry commentary from the Cobalt team.

Compromise Assessment: A Comprehensive Guide

The blog explains the importance of compromise assessments as a crucial step in detecting and responding to security threats in an organization. It highlights the key objectives of conducting a compromise assessment and provides a step-by-step guide from data collection to analysis and reporting. The blog emphasizes the need for ongoing assessments to stay ahead of potential attacks and maintain the security of the organization's assets.
Pentester Guides Community
Mar 6, 2023
Est Read Time: 13 min
Read more
The Life of a Security Bug cover image

The Life of a Bug

With this post I'll present a way to better understand bugs, from their origin until their death. I’ll do this by introducing the idea of a security bug pipeline and Fix-to-Fix framework.
Modernizing Pentesting
Mar 3, 2023
Est Read Time: 5 min
Read more
Decoding the Differences: Black, Gray, and White-Box Pentests

Decoding the Differences: Black, Gray, and White-Box Pentests

Different types of pentesting methods have designated colors with the key differences.
Cybersecurity Insights
Mar 1, 2023
Est Read Time: 6 min
Read more

Security Touchpoints in the Big Data Lifecycle

More and more teams want to access the sensitive data you're managing? Here's a guide on how to keep it secure while enabling the business to innovate.
Cybersecurity Insights
Feb 28, 2023
Est Read Time: 9 min
Read more

Pentester’s Guide to XPATH Injection

XPath is a powerful language used to query and manipulate XML documents. It allows you to extract data, transform XML documents, query large datasets, and modify the structure and content of XML documents. XPath injection attacks occur when an attacker manipulates XPath statements to gain unauthorized access to sensitive data.
Pentester Guides Community
Feb 27, 2023
Est Read Time: 6 min
Read more

Back to Basics: How to Build Resilient Blue Teams

A comprehensive guide on how security teams can keep up with organizational change.
Cybersecurity Insights
Feb 24, 2023
Est Read Time: 11 min
Read more

Pentester Spotlight: Goonjeta Malhotra

“Pentesting allowed me to challenge my skills and knowledge, to think of creative ways to exploit and identify vulnerabilities, and always to find ways to improve security posture." That's what Core Pentester Goonjeta Malhotra said about her journey into pentesting. Learn more about Goonjeta in here Pentester Spotlight.
Pentester Stories Community
Feb 23, 2023
Est Read Time: 2 min
Read more
Introduction to Chrome Browser Extension Security Testing cover image

Introduction to Chrome Browser Extension Security Testing

Browser extensions are software components that enhance the functionality of existing programs, specifically web browsers by modifying the user interface and interaction with websites, allowing users to customize their browsing experience. However, they also pose a security risk as they interact directly with untrusted web content and have vulnerabilities that malicious website operators and network attackers can exploit. This blog highlights the importance of Chrome browser extension security, permissions, testing for vulnerabilities, real-time attack scenarios, and mitigation methods.
Pentester Guides Community
Feb 20, 2023
Est Read Time: 13 min
Read more

Getting Started in Pentesting

Interested in pentesting but don't know where to start? Our Core Pentesters have you covered. Read to hear their tips and advice on how to get started.
Community
Feb 16, 2023
Est Read Time: 4 min
Read more
    11 12 13 14 15

    Always get the latest

    Sign up to get Cobalt insights delivered right to your inbox so you never miss a story.

    More resources

    Learn pentesting best practices, read answers to our most common questions
    and get our technical docs.