PTaaS Checklist
Don't just "check the box". Learn 7 factors that will ensure your next pentest is a strategic advantage for your business.
PTaaS Checklist
Don't just "check the box". Learn 7 factors that will ensure your next pentest is a strategic advantage for your business.

Pentester Guides (5)

See all content

A Dive into Client-Side Desync Attacks

A client-side desync, a.k.a CSD, is an attack in which the victim's web browser is tricked into desynchronizing its connection to the vulnerable website. Core Pentester Harsh Bothra takes a look at how attackers can find these vulnerabilities in the wild.
Cobalt Core Pentester Guides
Jan 16, 2023
Est Read Time: 7 min
Read more

Deep Dive into GraphQL Pt. 2

Welcome to part two of GraphQL! Core Pentester Michael Adcock tackles our newest deep dive into the open-source data query.
Pentester Guides API Pentesting
Jan 9, 2023
Est Read Time: 8 min
Read more
A Pentester's Guide to Prototype Solution Attacks

A Pentester’s Guide to Prototype Pollution Attacks

Core Pentester Harsh Bothra guides us through prototype pollution attacks in his latest blog. This covers a security vulnerability that allows attackers to exploit JavaScript runtimes.
Cobalt Core Pentester Guides
Jan 2, 2023
Est Read Time: 8 min
Read more
All you need to know about JWT Pt. 2

All you need to know about JWT Pt. 2

Did you read our introductory blog on JSON tokens in November? Now time for a deeper dive into JSON Web Tokens, aka JWT. Core Pentester Ninad Mathpati expands on all things JWT.
Cobalt Core Pentester Guides
Dec 26, 2022
Est Read Time: 13 min
Read more

Steampipe: Monitor Your Cloud Resources

Are you working in the cloud? If so, you can use an open-source tool named Steampipe to monitor your cloud infrastructure using SQL. One of Cobalt's Core Pentesters walks us through how Steampipe works in our latest Pentester Guide.
Cobalt Core Pentester Guides
Dec 21, 2022
Est Read Time: 8 min
Read more

Introduction to Command Injection Vulnerability

We've covered code injection attacks in recent blogs, but do you happen to know about command injection attacks? Core Pentester Harsh Bothra walks us through the differences and covers all you need to know to protect yourself against command injection attacks.
Cobalt Core Pentester Guides
Dec 14, 2022
Est Read Time: 8 min
Read more
Hunting for Broken Link Hijacking (BLH) cover image

Hunting for Broken Link Hijacking (BLH)

How often are you checking to ensure there are no broken links on your webpage? If you aren't checking, attackers could be taking advantage using a broken link hijacking attack. Core Pentester Harsh Bothra writes about what scenarios to watch out for.
Cobalt Core Pentester Guides
Dec 7, 2022
Est Read Time: 4 min
Read more

Introduction to Serverless Vulnerabilities

Core Pentester Harsh Bothra introduces us to serverless vulnerabilities. He reviews the top 10 vulnerabilities and concludes with how to remediate them.
Cobalt Core Pentester Guides
Nov 23, 2022
Est Read Time: 6 min
Read more
Redteaming vs. Pentesting

Red Teaming vs. Pentesting

Core Pentester Saad Nasir writes about what the difference between red teaming and pentesting is based on his own experiences. Saad is a Pentester in Cobalt's Core and on the Red Team at SolarWinds.
Cobalt Core Pentester Guides
Nov 21, 2022
Est Read Time: 2 min
Read more
    3 4 5 6 7