Demo
Discover how Cobalt's PtaaS platform can benefit your business.

Pentester Guides

Introduction to Serverless Vulnerabilities

Core Pentester Harsh Bothra introduces us to serverless vulnerabilities. He reviews the top 10 vulnerabilities and concludes with how to remediate them.
Nov 23, 2022
Est Read Time: 6 min

Red Teaming vs. Pentesting

Core Pentester Saad Nasir writes about what the difference between red teaming and pentesting is based on his own experiences. Saad is a Pentester in Cobalt's Core and on the Red Team at SolarWinds.
Nov 21, 2022
Est Read Time: 2 min

PtaaS Roadshow Recap: Into the Hacker’s Mind

Cobalt Core members Vanessa Sauter, Derek Carlin, and Andreea Cristina Druga share insights on how to prepare for a pentest, what tools they use to stress test your assets, and the steps they take to check what vulnerabilities you’re susceptible to.
Nov 18, 2022
Est Read Time: 5 min

Common Vulnerabilities in NodeJS Applications

Node.js is an open-source and cross-platform JavaScript runtime environment. Today we are going to look at 3 different vulnerabilities by analyzing the source code of an application and how you can detect and exploit them. 
Nov 18, 2022
Est Read Time: 6 min

Source Code Review

Are you checking your new products for vulnerabilities in all capacities? Ninad Mathpati shares what you need to be doing during your Source Code Review and what attackers look for.
Nov 9, 2022
Est Read Time: 10 min

CSP and Bypasses

This blog post aims to demonstrate what CSP is and why CSP is implemented. And how attackers can bypass CSP. In this article, I will include how you can bypass some directives to achieve XSS on the target application.
Oct 12, 2022
Est Read Time: 9 min

Web Socket Vulnerabilites

WebSockets are an exciting technology that has been gaining traction in the industry. Many companies are using the technology, especially in their real-time services
Sep 27, 2022
Est Read Time: 8 min

Secure Software Best Practices: Protect Against Server-Side Request Forgery

See examples of Server-Side Request Forgery (SSRF) exploitation, and learn how to minimize your risks.
Sep 26, 2022
Est Read Time: 7 min

Secure Software Best Practices: Validate User Input

Protect your systems from bad user input. In this article, we share best practices to validate user input, securely.
Sep 23, 2022
Est Read Time: 6 min
    1 2 3 4 5