Blog: Rethinking Application Security | Cobalt | Edu Garcia

Platform
- - Cobalt Platform
    
    Modern offensive security platform
  - Dynamic Application Security Testing
    
    Automated application security scanning
  - Pricing
    
    Explore the flexible Cobalt credit model
Services
- - Application Security
    
    Secure your apps without slowing down development
  - Application Pentest
  - Secure Code Review
  - Threat Modeling
  - Network Security
    
    Protect systems and data with offensive security
  - Network Pentest
  - Red Teaming
- - Cloud Security
    
    Secure your cloud infrastructure
  - Brand Protection
    
    Safeguard your reputation
  - Digital Risk Assessment
  - Social Engineering
  - Device Security
    
    Secure your devices from threats
  - Device Hardening
  - IoT Testing
Solutions
- - PtaaS
    
    On-demand Pentesting as a Service
  - Pentest Program Management
    
    Optimize pentesting with proven management
- - Goal-Based Pentest
    
    Simulated attack to test your security defenses
  - Secure SDLC
    
    Develop securely and deploy confidently
  - Offensive Security Program
    
    Minimize risk efficiently and effectively
- - For IT & Information Security Teams
    
    Explore the benefits of an offensive security platform
  - For DevOps Teams
    
    Explore the benefits of continuous security testing
  - Compliance
    
    Comprehensive pentesting for compliance
About
- - About Us
    
    Who we are
  - Leadership
    
    The minds driving our mission forward
  - Cobalt Core
    
    Community of skilled, vetted security experts
  - Partners
    
    Explore Cobalt's partner network
- - Customers
    
    Real customer stories straight from the source
  - Press
    
    Read the latest news at Cobalt
  - Careers
    
    Redefine and reimagine modern offensive security
  - Contact Us
    
    Connect with a team member
- - GigaOm Radar Report
    
    Featured
    
    Download
Resources
- - Resource Library
    
    Rethinking offensive security
  - Blog
    
    Insights from security leaders, pentesters, and developers
- - Events & Webinars
    
    Explore thought-provoking security topics
  - InfoSec Podcast
    
    Explore the stories of cybersecurity experts
- - The OffSec Shift Report 2024
    
    Featured
    
    Download
login
get started

Platform
- - Cobalt Platform
    
    Modern offensive security platform
  - Dynamic Application Security Testing
    
    Automated application security scanning
  - Pricing
    
    Explore the flexible Cobalt credit model
Services
- - Application Security
    
    Secure your apps without slowing down development
  - Application Pentest
  - Secure Code Review
  - Threat Modeling
  - Network Security
    
    Protect systems and data with offensive security
  - Network Pentest
  - Red Teaming
- - Cloud Security
    
    Secure your cloud infrastructure
  - Brand Protection
    
    Safeguard your reputation
  - Digital Risk Assessment
  - Social Engineering
  - Device Security
    
    Secure your devices from threats
  - Device Hardening
  - IoT Testing
Solutions
- - PtaaS
    
    On-demand Pentesting as a Service
  - Pentest Program Management
    
    Optimize pentesting with proven management
- - Goal-Based Pentest
    
    Simulated attack to test your security defenses
  - Secure SDLC
    
    Develop securely and deploy confidently
  - Offensive Security Program
    
    Minimize risk efficiently and effectively
- - For IT & Information Security Teams
    
    Explore the benefits of an offensive security platform
  - For DevOps Teams
    
    Explore the benefits of continuous security testing
  - Compliance
    
    Comprehensive pentesting for compliance
About
- - About Us
    
    Who we are
  - Leadership
    
    The minds driving our mission forward
  - Cobalt Core
    
    Community of skilled, vetted security experts
  - Partners
    
    Explore Cobalt's partner network
- - Customers
    
    Real customer stories straight from the source
  - Press
    
    Read the latest news at Cobalt
  - Careers
    
    Redefine and reimagine modern offensive security
  - Contact Us
    
    Connect with a team member
- - GigaOm Radar Report
    
    Featured
    
    Download
Resources
- - Resource Library
    
    Rethinking offensive security
  - Blog
    
    Insights from security leaders, pentesters, and developers
- - Events & Webinars
    
    Explore thought-provoking security topics
  - InfoSec Podcast
    
    Explore the stories of cybersecurity experts
- - The OffSec Shift Report 2024
    
    Featured
    
    Download
login
get started

Edu Garcia

Eduardo Garcia is a Security Analyst with more than 15 years of experience performing various computer security projects, including penetration tests (internal and external), web application security, Android apps, and anti-malware research. He currently works as a Cobalt Team Lead and appears in the Bug Bounty hall of fame for important companies like Paypal. He also is the author of the popular Burp Suite extensions, Burp Bounty and Burp Bounty Pro.

Pentest Case Study: OAuth Open Redirect to Account Takeover

Cobalt Pentest Case Study: OAuth Redirect to Account Takeover

Cobalt Core Penteser Edu Garcia recently used an interesting attack method while working on a Cobalt pentest. In this blog, he shares how he did it and provides a solution to the vulnerability.

Pentester Guides Community

Aug 31, 2022

Est Read Time: 3 min