NEW FEATURE
Cobalt PtaaS + DAST combines manual pentests and automated scanning for comprehensive applications security.
NEW FEATURE
Cobalt PtaaS + DAST combines manual pentests and automated scanning for comprehensive applications security.

Pentester Guides (4)

All you need to know about JWT Pt. 2

Did you read our introductory blog on JSON tokens in November? Now time for a deeper dive into JSON Web Tokens, aka JWT. Core Pentester Ninad Mathpati expands on all things JWT.
Dec 26, 2022
Est Read Time: 13 min

Steampipe: Monitor Your Cloud Resources

Are you working in the cloud? If so, you can use an open-source tool named Steampipe to monitor your cloud infrastructure using SQL. One of Cobalt's Core Pentesters walks us through how Steampipe works in our latest Pentester Guide.
Dec 21, 2022
Est Read Time: 8 min

Introduction to Command Injection Vulnerability

We've covered code injection attacks in recent blogs, but do you happen to know about command injection attacks? Core Pentester Harsh Bothra walks us through the differences and covers all you need to know to protect yourself against command injection attacks.
Dec 14, 2022
Est Read Time: 8 min

Hunting for Broken Link Hijacking (BLH)

How often are you checking to ensure there are no broken links on your webpage? If you aren't checking, attackers could be taking advantage using a broken link hijacking attack. Core Pentester Harsh Bothra writes about what scenarios to watch out for.
Dec 7, 2022
Est Read Time: 4 min

JSON Web Tokens

JSON Web Token (JWT) is an open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. With the rise of JWT, Core Pentester Saad Nasir gives an introduction to the new security token.
Dec 5, 2022
Est Read Time: 9 min

Introduction to Serverless Vulnerabilities

Core Pentester Harsh Bothra introduces us to serverless vulnerabilities. He reviews the top 10 vulnerabilities and concludes with how to remediate them.
Nov 23, 2022
Est Read Time: 6 min

Red Teaming vs. Pentesting

Core Pentester Saad Nasir writes about what the difference between red teaming and pentesting is based on his own experiences. Saad is a Pentester in Cobalt's Core and on the Red Team at SolarWinds.
Nov 21, 2022
Est Read Time: 2 min

PtaaS Roadshow Recap: Into the Hacker’s Mind

Cobalt Core members Vanessa Sauter, Derek Carlin, and Andreea Cristina Druga share insights on how to prepare for a pentest, what tools they use to stress test your assets, and the steps they take to check what vulnerabilities you’re susceptible to.
Nov 18, 2022
Est Read Time: 5 min

Common Vulnerabilities in NodeJS Applications

Node.js is an open-source and cross-platform JavaScript runtime environment. Today we are going to look at 3 different vulnerabilities by analyzing the source code of an application and how you can detect and exploit them. 
Nov 18, 2022
Est Read Time: 7 min
    2 3 4 5 6