NEW FEATURE
Cobalt PtaaS + DAST combines manual pentests and automated scanning for comprehensive applications security.
NEW FEATURE
Cobalt PtaaS + DAST combines manual pentests and automated scanning for comprehensive applications security.

Busra Demir

Busra is a former Lead Cobalt Core Pentester with a passion for offensive security research, capture the flag exercises, and certifications. She has currently completed her OSCE, OSCP, and OSWP certifications.

Anatomy of the Session Management Tests

Note: This article has been created in light of the OWASP standards and descriptions.
Cobalt Core Pentester Guides
Mar 19, 2021
Est Read Time: 6 min
Read more
Pentester's Guide to File Inclusion cover image

A Pentester’s Guide to File Inclusion

Read the Pentester’s Guide to File Inclusion for key insights into this common vulnerability.
Cobalt Core Pentester Guides
Feb 19, 2021
Est Read Time: 4 min
Read more
Pentester’s Guide to WebSocket Pentesting cover image

A Pentester’s Guide to WebSocket Pentesting

What is WebSocket Hijacking? As OWASP states, the HTTP protocol only allows one request/response per TCP connection....
Pentester Guides
Feb 5, 2021
Est Read Time: 4 min
Read more
Code injection cover image

A Pentester’s Guide to Code Injection

Learn about code injection vulnerabilities with the Pentester’s Guide to Code Injection.
Cobalt Core Pentester Guides
Jan 8, 2021
Est Read Time: 3 min
Read more
Server side template injection cover image

A Pentester's Guide to Server Side Template Injection (SSTI)

Server-side template injection is a vulnerability where the attacker injects malicious input into a template to execute commands on the server-side.
Cobalt Core Pentester Guides
Dec 24, 2020
Est Read Time: 3 min
Read more

A Pentester’s Guide to Command Injection

Get expert insights with a command injection tutorial with insights from pentesting experts at Cobalt, a Pentest as a Service (PtaaS) provider.
Pentester Guides
Dec 11, 2020
Est Read Time: 3 min
Read more

How to Execute an XML External Entity Injection (XXE)

What's XXE? An XML External Entity vulnerability is a type of attack against an application that parses XML input. This...
Pentester Guides
Nov 26, 2020
Est Read Time: 4 min
Read more

A Pentester’s Guide to Cross-Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application...
Pentester Guides
Nov 13, 2020
Est Read Time: 4 min
Read more
A Pentester’s Guide to Cross-Site Scripting (XSS) cover image

A Pentester’s Guide to Cross-Site Scripting (XSS)

Examine a common security vulnerability, Cross-Site Scripting (XSS).
Pentester Guides
Oct 30, 2020
Est Read Time: 8 min
Read more
    1 2