GIVEAWAY
Win the ultimate AI security check with a free pentest giveaway!
GIVEAWAY
Win the ultimate AI security check with a free pentest giveaway!

Pentester Guides (2)

See all content

iOS App Pentesting and Security with Real-World Case Studies Part 2

In part 2 of our IOS pentesting series, we will explore two additional case studies. One of them is about a ride-sharing app, and the other is about an E-commerce app. These case studies highlight the risks associated with insecure practices in iOS app development, such as hardcoding credentials and the exploitation of third-party libraries, emphasizing the importance of secure coding, data storage, and access control measures.
Cobalt Core Pentester Guides Mobile Application Pentesting
Jun 26, 2023
Est Read Time: 3 min
Read more

Learning iOS App Pentesting and Security Part 1

This blog is a three-part series focused on iOS app penetration testing. Swaroop Yermalkar, who is a Core Penetration Tester, shares their experiences and knowledge in various types of pentesting, including mobile app security. The blog aims to provide a comprehensive guide to improving knowledge of iOS security and penetration testing methodologies through real-world case studies.
Cobalt Core Pentester Guides Mobile Application Pentesting
Jun 13, 2023
Est Read Time: 5 min
Read more

Video: AWAE/OSWE For Humans

This blog is a personal account from Reando Veshi of preparing for and taking the OSWE (Advanced Web Attacks and Exploitation) exam. Reando shares his experience along with tips that helped him in his journey.
Cobalt Core Pentester Guides
May 30, 2023
Est Read Time: 6 min
Read more

A Pentester's Guide to Source Code Review

This blog post guides how to conduct a source code review project, focusing on advice for those new to the task. The post covers the purpose of a source code review, the process for conducting one, and the information needed to conduct a proper assessment.
Cobalt Core Pentester Guides
May 15, 2023
Est Read Time: 17 min
Read more
Cobalt Core Academy: Thick Client Pentesting with Harsh Bothra cover image

Cobalt Core Academy: Thick Client Pentesting with Harsh Bothra

Learn about thick client pentests in this Cobalt Core Academy with expert insights from Cobalt Lead, Harsh Bothra.
Cobalt Core Pentester Guides
May 5, 2023
Est Read Time: 3 min
Read more

Mass Assignment & APIs - Exploitation in the Wild

APIs have become an integral part of many applications, with REST APIs being a popular choice for implementation. However, this popularity has led to security risks, with OWASP API Top 10 identifying vulnerabilities commonly found in APIs, including mass assignment. Harsh Bothra writes about this in his latest blog.
Cobalt Core Pentester Guides API Pentesting
May 1, 2023
Est Read Time: 6 min
Read more

Exploiting Buffer Overflow Vulnerabilities: A Step-by-Step Guide (Part 2)

Buffer overflow vulnerability happens when data written to a buffer exceeds its size, which may overwrite important data or execute malicious code. Attackers can exploit these vulnerabilities to gain unauthorized access, execute malicious code, or steal sensitive data. This blog will provide an overview of buffer overflow exploitation, including its causes, consequences, and the methods attackers use to exploit it. It's important to understand the basics before diving into exploitation and steps of buffer overflow.
Cobalt Core Pentester Guides
Apr 24, 2023
Est Read Time: 18 min
Read more

A Pentester’s Guide to Dependency Confusion Attacks

This blog post discusses the concept of "Dependency Confusion" in software development, where malicious code is injected into third-party dependencies, such as libraries or frameworks, that applications use.
Cobalt Core Pentester Guides
Apr 17, 2023
Est Read Time: 7 min
Read more

CSRF & Bypasses

This article discusses Cross-Site Request Forgery (CSRF) attacks, a web security vulnerability where an attacker tricks an authenticated website user into performing an unwanted action, such as transferring funds or changing their email address, by exploiting the user's browser cookies. The article explains how CSRF attacks work and how attackers can bypass CSRF token validation to exploit vulnerabilities in web applications. It also discusses several techniques that can be used to bypass CSRF defense, including removing the referer header, bypassing the regex, and using different Content-Type values.
Cobalt Core Pentester Guides
Apr 10, 2023
Est Read Time: 8 min
Read more
    1 2 3 4 5