WEBINAR
Join us to explore what 10 years of data tells us about real risks during the State of Pentesting 2025 webinar.
WEBINAR
Join us to explore what 10 years of data tells us about real risks during the State of Pentesting 2025 webinar.

Busra Demir

Busra is a former Lead Cobalt Core Pentester with a passion for offensive security research, capture the flag exercises, and certifications. She has currently completed her OSCE, OSCP, and OSWP certifications.

Anatomy of the Session Management Tests

Note: This article has been created in light of the OWASP standards and descriptions.
Cobalt Core Pentester Guides
Mar 19, 2021
Est Read Time: 6 min
Read more
Pentester's Guide to File Inclusion cover image

A Pentester’s Guide to File Inclusion

Read the Pentester’s Guide to File Inclusion for key insights into this common vulnerability.
Cobalt Core Pentester Guides
Feb 19, 2021
Est Read Time: 4 min
Read more
Pentester’s Guide to WebSocket Pentesting cover image

A Pentester’s Guide to WebSocket Pentesting

What is WebSocket Hijacking? As OWASP states, the HTTP protocol only allows one request/response per TCP connection....
Pentester Guides Web Application Pentesting
Feb 5, 2021
Est Read Time: 4 min
Read more
Code injection cover image

A Pentester’s Guide to Code Injection

Learn about code injection vulnerabilities with the Pentester’s Guide to Code Injection.
Cobalt Core Pentester Guides
Jan 8, 2021
Est Read Time: 3 min
Read more
Server side template injection cover image

A Pentester's Guide to Server Side Template Injection (SSTI)

Server-side template injection is a vulnerability where the attacker injects malicious input into a template to execute commands on the server-side.
Cobalt Core Pentester Guides
Dec 24, 2020
Est Read Time: 3 min
Read more

A Pentester’s Guide to Command Injection

Get expert insights with a command injection tutorial with insights from pentesting experts at Cobalt, a Pentest as a Service (PtaaS) provider.
Pentester Guides
Dec 11, 2020
Est Read Time: 3 min
Read more

How to Execute an XML External Entity Injection (XXE)

What's XXE? An XML External Entity vulnerability is a type of attack against an application that parses XML input. This...
Pentester Guides
Nov 26, 2020
Est Read Time: 4 min
Read more

A Pentester’s Guide to Cross-Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application...
Pentester Guides
Nov 13, 2020
Est Read Time: 4 min
Read more
A Pentester’s Guide to Cross-Site Scripting (XSS) cover image

A Pentester’s Guide to Cross-Site Scripting (XSS)

Examine a common security vulnerability, Cross-Site Scripting (XSS).
Pentester Guides
Oct 30, 2020
Est Read Time: 8 min
Read more
    1 2