WEBINAR
GigaOm Radar Report for PTaaS: How to Make a Smarter Investment in Pentesting
WEBINAR
GigaOm Radar Report for PTaaS: How to Make a Smarter Investment in Pentesting

Pentester Guides (2)

Browser Security: Same Origin Policy vs CORS, Misconfigurations

This blog guides how to understand and evaluate CORS (Cross-Origin Resource Sharing) misconfigurations. As pentesters,...
Jun 11, 2024
Est Read Time: 12 min

LLMNR Poisoning, NTLM Relay and More

In this article we’ll touch on what are the hash types used in Windows systems, what is the LLMNR protocol, how it...
Jan 31, 2024
Est Read Time: 14 min

Introduction to Secure Code Review

Code is the backbone of modern software applications. Understanding the importance of secure code development is...
Oct 11, 2023
Est Read Time: 5 min

Introduction to Access Control Vulnerabilities

What is Access Control? Access Control plays a pivotal role in performing a penetration test.
Sep 14, 2023
Est Read Time: 8 min

iOS App Pentesting and Security with Real-World Case Studies Part 2

In part 2 of our IOS pentesting series, we will explore two additional case studies. One of them is about a ride-sharing app, and the other is about an E-commerce app. These case studies highlight the risks associated with insecure practices in iOS app development, such as hardcoding credentials and the exploitation of third-party libraries, emphasizing the importance of secure coding, data storage, and access control measures.
Jun 26, 2023
Est Read Time: 3 min

Learning iOS App Pentesting and Security Part 1

This blog is a three-part series focused on iOS app penetration testing. Swaroop Yermalkar, who is a Core Penetration Tester, shares their experiences and knowledge in various types of pentesting, including mobile app security. The blog aims to provide a comprehensive guide to improving knowledge of iOS security and penetration testing methodologies through real-world case studies.
Jun 13, 2023
Est Read Time: 5 min

AWAE/OSWE Preparation and Exam Guide

This blog is a personal account from Reando Veshi of preparing for and taking the OSWE (Advanced Web Attacks and Exploitation) exam. Reando shares his experience along with tips that helped him in his journey.
May 30, 2023
Est Read Time: 9 min

A Pentester's Guide to Source Code Review

This blog post guides how to conduct a source code review project, focusing on advice for those new to the task. The post covers the purpose of a source code review, the process for conducting one, and the information needed to conduct a proper assessment.
May 15, 2023
Est Read Time: 17 min

Cobalt Core Academy: Thick Client Pentesting with Harsh Bothra

Learn about thick client pentests in this Cobalt Core Academy with expert insights from Cobalt Lead, Harsh Bothra.
May 5, 2023
Est Read Time: 3 min
    1 2 3 4 5