NEW FEATURE
Cobalt PtaaS + DAST combines manual pentests and automated scanning for comprehensive applications security.
NEW FEATURE
Cobalt PtaaS + DAST combines manual pentests and automated scanning for comprehensive applications security.

Community (3)

Overflow Vulnerabilities

Overflow vulnerabilities occur when a program or system accepts more data than it can handle, leading to memory corruption and potentially allowing attackers to execute malicious code. Core Pentester Ninad Mathpati writes about these types of vulnerabilities and how to prevent them.
Apr 3, 2023
Est Read Time: 14 min

10 Steps to Secure Your Azure Cloud Environment

The blog discusses ten essential steps to secure your Azure cloud environment, ranging from access management to network security. It emphasizes the use of Azure CLI to implement these best practices and safeguard against potential security threats. The steps include multifactor authentication, compliance standards, encryption, backups, and disaster recovery plans, among others.
Mar 29, 2023
Est Read Time: 11 min

Pentester Spotlight: Herane Malhotra

This month's Pentester Spotlight features Herane Malhotra, a Core Pentester since 2021 and Lead.
Mar 26, 2023
Est Read Time: 2 min

OAuth Vulnerabilites Pt. 2

OAuth is a widely-used protocol that enables users to authorize third-party applications to access their data from other services, such as social media or cloud storage. However, like any technology, OAuth is not immune to vulnerabilities. This is Pt. 2 of a two-part series by Core Pentester Shubham Chaskar.
Mar 20, 2023
Est Read Time: 10 min

Active Directory Series: Active Directory Fundamentals

Active Directory is a Microsoft service that provides centralized management of user accounts, devices, and access to resources in a networked environment. It allows IT professionals to create and manage users, groups, computers, and other resources on a network, and control access to those resources based on policies and permissions.
Mar 13, 2023
Est Read Time: 12 min

Compromise Assessment: A Comprehensive Guide

The blog explains the importance of compromise assessments as a crucial step in detecting and responding to security threats in an organization. It highlights the key objectives of conducting a compromise assessment and provides a step-by-step guide from data collection to analysis and reporting. The blog emphasizes the need for ongoing assessments to stay ahead of potential attacks and maintain the security of the organization's assets.
Mar 6, 2023
Est Read Time: 13 min

Pentester’s Guide to XPATH Injection

XPath is a powerful language used to query and manipulate XML documents. It allows you to extract data, transform XML documents, query large datasets, and modify the structure and content of XML documents. XPath injection attacks occur when an attacker manipulates XPath statements to gain unauthorized access to sensitive data.
Feb 27, 2023
Est Read Time: 6 min

Pentester Spotlight: Goonjeta Malhotra

“Pentesting allowed me to challenge my skills and knowledge, to think of creative ways to exploit and identify vulnerabilities, and always to find ways to improve security posture." That's what Core Pentester Goonjeta Malhotra said about her journey into pentesting. Learn more about Goonjeta in here Pentester Spotlight.
Feb 23, 2023
Est Read Time: 2 min

Introduction to Chrome Browser Extension Security Testing

Browser extensions are software components that enhance the functionality of existing programs, specifically web browsers by modifying the user interface and interaction with websites, allowing users to customize their browsing experience. However, they also pose a security risk as they interact directly with untrusted web content and have vulnerabilities that malicious website operators and network attackers can exploit. This blog highlights the importance of Chrome browser extension security, permissions, testing for vulnerabilities, real-time attack scenarios, and mitigation methods.
Feb 20, 2023
Est Read Time: 13 min
    1 2 3 4 5