FAST TRACK
See our Fast Start promotion and start your first pentest on The Cobalt Offensive Security Testing Platform for only $4,950.
FAST TRACK
See our Fast Start promotion and start your first pentest on The Cobalt Offensive Security Testing Platform for only $4,950.

Cobalt’s Code-Assisted Pentests

Learn more about Cobalt's code-assisted pentests.

Pentesters typically perform “black box” or “zero-knowledge” pentests; meaning the they have limited to no prior knowledge about the implementation details of the target application.

With code-assisted, gray-box penetration testing, Cobalt’s pentesters have access to the source code of the application. This effectively enables the team to use the code alongside testing activities as a means to gain a thorough understanding of the target application and enhance the accuracy of the discovered findings. 

The most important aspect of a code-assisted pentest is the deep coverage testing and accuracy of findings. Cobalt’s code-assisted pentest should not be confused with a code review because it only analyzes attack vectors.

From the perspective of Stefan Nicula, Cobalt Core pentester, “In order to prepare for a code-assisted pentest, from the customer’s side, the pentesting team needs as much access as possible to the source code. This includes GitHub sources or sharing the internal codebase. Additionally, the version shared should be the one that’s being actively tested during the project.

We also need to take into account different integrations or plugins that might be interacting with our primary target. If those auxiliary components are considered in scope as well, the team will require access to their code too. Again, one of the primary things required is working access to the repo/codebase.”

From past projects Stefan has worked on with access to the source code, there are some notable findings that are usually hidden in different functionalities but detected easily by leveraging the code:

  1. SQL Injection: a code injection technique that leverages SQL to manipulate the backend database and exfiltrate data.
  2. XXE (XML External Entity): opens the door to attacks against an application’s processing of XML input.
  3. Code Injection: attackers execute malicious code on an application.
  4. Command Injection: attackers complete a series of unplanned commands on a host operating system.
  5. Server-Side Template Injection: commonly found in web applications where an attacker injects malicious input into a template to execute commands on the server-side.

In a code-assisted scenario, pentesters will allocate dedicated resources and time to search through the code-base by following a high-level methodology regarding common vulnerabilities, usage of different potentially dangerous functions, and web server configurations. 

The biggest plus in a code-assisted project is the coverage against injection types of attacks and misconfigurations. By having access to the code base, the pentesting team will always have an advantage which leads to efficiency.

Learn more about Cobalt’s modern pentesting services for security and development teams.

Back to Blog
About Cobalt
Cobalt combines talent and technology to provide end-to-end offensive security solutions that enable organizations to remediate risk across a dynamically changing attack surface. As the innovators of Pentest as a Service (PtaaS), Cobalt empowers businesses to optimize their existing resources, access an on-demand community of trusted security experts, expedite remediation cycles, and share real-time updates and progress with internal teams to mitigate future risk. More By Cobalt
A Pentester's Guide to Server Side Template Injection (SSTI)
Server-side template injection is a vulnerability where the attacker injects malicious input into a template to execute commands on the server-side.
Blog
Dec 24, 2020