Try Now
Get hands on with Cobalt's PtaaS Platform

Busra Demir

Busra is a Lead Cobalt Core Pentester with a passion for offensive security research, CTFs, and certifications. She has currently completed her OSCE, OSCP, and OSWP certifications.

Anatomy of the Session Management Tests

Note: This article has been created in light of the OWASP standards and descriptions.
Mar 19, 2021
Est Read Time: 6 min

A Pentester’s Guide to File Inclusion

Read the Pentester’s Guide to File Inclusion for key insights into this common vulnerability.
Feb 19, 2021
Est Read Time: 4 min

A Pentester’s Guide to WebSocket Pentesting

What is WebSocket Hijacking? As OWASP states, the HTTP protocol only allows one request/response per TCP connection....
Feb 5, 2021
Est Read Time: 4 min

A Pentester’s Guide to Code Injection

Learn about code injection vulnerabilities with the Pentester’s Guide to Code Injection.
Jan 8, 2021
Est Read Time: 4 min

A Pentester's Guide to Server Side Template Injection (SSTI)

Server-side template injection is a vulnerability where the attacker injects malicious input into a template to execute commands on the server-side.
Dec 24, 2020
Est Read Time: 3 min

A Pentester’s Guide to Command Injection

Get expert insights with a command injection tutorial with insights from pentesting experts at Cobalt, a Pentest as a Service (PtaaS) provider.
Dec 11, 2020
Est Read Time: 3 min

How to Execute an XML External Entity Injection (XXE)

What's XXE? An XML External Entity vulnerability is a type of attack against an application that parses XML input. This...
Nov 26, 2020
Est Read Time: 4 min

A Pentester’s Guide to Cross-Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application...
Nov 13, 2020
Est Read Time: 4 min

A Pentester’s Guide to Cross-Site Scripting (XSS)

Examine a common security vulnerability, Cross-Site Scripting (XSS).
Oct 30, 2020
Est Read Time: 8 min
    1 2