NEW FEATURE
Cobalt PtaaS + DAST combines manual pentests and automated scanning for comprehensive application security.

Pentester Guides (5)

Source Code Review

Are you checking your new products for vulnerabilities in all capacities? Ninad Mathpati shares what you need to be doing during your Source Code Review and what attackers look for.
Nov 9, 2022
Est Read Time: 11 min

CSP and Bypasses

This blog post aims to demonstrate what CSP is, why it is implemented, and how attackers can bypass it. In this article, I will show how some directives can be bypassed to achieve XSS on the target application.
Oct 12, 2022
Est Read Time: 9 min

WebSocket Vulnerabilities

WebSockets are an exciting technology that has been gaining traction in the industry. Many companies are using the technology, especially in their real-time services.
Sep 27, 2022
Est Read Time: 9 min

Secure Software Best Practices: Protect Against Server-Side Request Forgery

See examples of Server-Side Request Forgery (SSRF) exploitation, and learn how to minimize your risks.
Sep 26, 2022
Est Read Time: 7 min

Secure Software Best Practices: Validate User Input

Protect your systems from bad user input. In this article, we share best practices for validating user input securely.
Sep 23, 2022
Est Read Time: 6 min

Secure Software Best Practices: Prevent Security Misconfigurations

Configure your software properly to avoid security issues.
Sep 21, 2022
Est Read Time: 4 min

Is your Wi-Fi connection secure? How attackers take advantage of public Wi-Fi

Do you connect to public Wi-Fi networks when you are out? You might be putting yourself and your data at risk. Core Pentester Orhan Yildirim shares how attackers take advantage of these public networks.
Sep 6, 2022
Est Read Time: 6 min

Cobalt Pentest Case Study: OAuth Redirect to Account Takeover

Cobalt Core Pentester Edu Garcia recently used an interesting attack method while working on a Cobalt pentest. In this blog, he shares how he did it and provides a solution to the vulnerability.
Aug 31, 2022
Est Read Time: 3 min

File Upload Vulnerabilities

This blog aims to demonstrate how applications can be compromised using simple file upload functionalities. Core Pentester Shubham Chaskar will show how to bypass common defense mechanisms and upload web shells.
Aug 24, 2022
Est Read Time: 9 min