Learn how Cobalt’s Pentest as a Service (PtaaS) model makes you faster, better, and more efficient.
Learn how Cobalt’s Pentest as a Service (PtaaS) model makes you faster, better, and more efficient.

Harsh Bothra

Harsh Bothra is a Security Engineer with expertise in Web application, API, Android Application, Thick Client, and Network Pentesting. He has over 5 years of experience in Cybersecurity and penetration testing. He has written multiple books on ethical hacking including Mastering Hacking and Hacking: Be a Hacker with Ethics, presented at various security conferences, and is an active bug bounty hunter.

Mass Assignment & APIs - Exploitation in the Wild

APIs have become an integral part of many applications, with REST APIs being a popular choice for implementation. However, this popularity has led to security risks, with OWASP API Top 10 identifying vulnerabilities commonly found in APIs, including mass assignment. Harsh Bothra writes about this in his latest blog.
May 1, 2023
Est Read Time: 6 min

A Pentester’s Guide to Dependency Confusion Attacks

This blog post discusses the concept of "Dependency Confusion" in software development, where malicious code is injected into third-party dependencies, such as libraries or frameworks, that applications use.
Apr 17, 2023
Est Read Time: 7 min

Pentester’s Guide to XPATH Injection

XPath is a powerful language used to query and manipulate XML documents. It allows you to extract data, transform XML documents, query large datasets, and modify the structure and content of XML documents. XPath injection attacks occur when an attacker manipulates XPath statements to gain unauthorized access to sensitive data.
Feb 27, 2023
Est Read Time: 6 min

Introduction to LDAP Injection Attack

LDAP (Lightweight Directory Access Protocol) is a protocol for accessing and managing directory services over a network. LDAP injection is a type of attack that targets vulnerabilities in implementations of the LDAP. Core Pentester Harsh Bothra shows us how an attacker does this injection and how to protect against it.
Feb 13, 2023
Est Read Time: 7 min

Hacking Web Cache - Deep Dive in Web Cache Poisoning Attacks

Web cache poisoning is an attack where an attacker takes advantage of flaws in the caching mechanism. They attempt to store an altered and malicious response in the cache entry, forcing the website to serve malicious information to its users.  Core Pentester Harsh Bothra deep dives into these attacks and remediations.
Jan 31, 2023
Est Read Time: 11 min

A Dive into Client-Side Desync Attacks

A client-side desync, a.k.a CSD, is an attack in which the victim's web browser is tricked into desynchronizing its connection to the vulnerable website. Core Pentester Harsh Bothra takes a look at how attackers can find these vulnerabilities in the wild.
Jan 16, 2023
Est Read Time: 7 min

A Pentester’s Guide to Prototype Pollution Attacks

Core Pentester Harsh Bothra guides us through prototype pollution attacks in his latest blog. This covers a security vulnerability that allows attackers to exploit JavaScript runtimes.
Jan 2, 2023
Est Read Time: 8 min

Introduction to Command Injection Vulnerability

We've covered code injection attacks in recent blogs, but do you happen to know about command injection attacks? Core Pentester Harsh Bothra walks us through the differences and covers all you need to know to protect yourself against command injection attacks.
Dec 14, 2022
Est Read Time: 8 min

Hunting for Broken Link Hijacking (BLH)

How often are you checking to ensure there are no broken links on your webpage? If you aren't checking, attackers could be taking advantage using a broken link hijacking attack. Core Pentester Harsh Bothra writes about what scenarios to watch out for.
Dec 7, 2022
Est Read Time: 4 min
    1 2