Busra Demir

Busra is a Lead Cobalt Core Pentester with a passion for offensive security research, CTFs, and certifications. She has completed her OSCE, OSCP, and OSWP certifications.

 • 5 min read

A Pentester’s Guide to Cross-Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated.

 • 5 min read

A Pentester’s Guide to Command Injection

A command injection tutorial with insights from pentesting experts at Cobalt, a Pentest as a Service (PtaaS) provider.

 • 7 min read

A Pentester’s Guide to Cross-Site Scripting (XSS)

Examine a common security vulnerability, Cross-Site Scripting (XSS).

 • 8 min read

Anatomy of the Session Management Tests

Busra Demir examines the common security vulnerability tests for Session Management.

 • 5 min read

A Pentester’s Guide to Code Injection

Learn about code injection vulnerabilities with the Pentester’s Guide to Code Injection.

 • 5 min read

A Pentester's Guide to Server Side Template Injection (SSTI)

Server-side template injection is a vulnerability where the attacker injects malicious input into a template to execute commands on the server side.

 • 4 min read

A Pentester’s Guide to File Inclusion

Read the Pentester’s Guide to File Inclusion for key insights into this common vulnerability.

 • 4 min read

How to Execute an XML External Entity Injection (XXE)

Learn about situations where XXE can be leveraged to perform server-side request forgery (SSRF) attacks to compromise the underlying server or other back-end infrastructure.
