
Pentester Guides

Risks of open-source software

This article provides an overview of what open-source software is and its history. Core Pentester Ninad Mathpati explains that open-source software is any program whose source code is made available for use or modification and is developed as a public, open collaboration.
Feb 8, 2023
Est Read Time: 8 min

API Security Best Practices

Technology can be summarized as all the solutions produced to meet any need. As the devices providing Internet access increase daily, the traditional Monolith architecture has been replaced by the Microservice architecture due to the advantages such as scalability, faster deployment, ease of management, and many more. Core Pentester Orhan Yildirim shares his best practices for API Security.
Feb 3, 2023
Est Read Time: 3 min

Hacking Web Cache - Deep Dive in Web Cache Poisoning Attacks

Web cache poisoning is an attack where an attacker takes advantage of flaws in the caching mechanism. They attempt to store an altered and malicious response in the cache entry, forcing the website to serve malicious information to its users. Core Pentester Harsh Bothra deep dives into these attacks and remediations.
Jan 31, 2023
Est Read Time: 11 min

OAuth Vulnerabilities Pt. 1

Welcome to part one of OAuth Vulnerabilities. Core Pentester Shubham Chaskar overviews OAuth, commonly used grant types, entities, misconfigurations, and more.
Jan 23, 2023
Est Read Time: 10 min

A Dive into Client-Side Desync Attacks

A client-side desync, a.k.a. CSD, is an attack in which the victim's web browser is tricked into desynchronizing its connection to the vulnerable website. Core Pentester Harsh Bothra takes a look at how attackers can find these vulnerabilities in the wild.
Jan 16, 2023
Est Read Time: 7 min

Deep Dive into GraphQL Pt. 2

Welcome to part two of GraphQL! Core Pentester Michael Adcock tackles our newest deep dive into the open-source data query language.
Jan 9, 2023
Est Read Time: 6 min

A Pentester’s Guide to Prototype Pollution Attacks

Core Pentester Harsh Bothra guides us through prototype pollution attacks in his latest blog. This covers a security vulnerability that allows attackers to exploit JavaScript runtimes.
Jan 2, 2023
Est Read Time: 8 min

All you need to know about JWT Pt. 2

Did you read our introductory blog on JSON tokens in November? Now it's time for a deeper dive into JSON Web Tokens, aka JWT. Core Pentester Ninad Mathpati expands on all things JWT.
Dec 26, 2022
Est Read Time: 12 min

Steampipe: Monitor Your Cloud Resources

Are you working in the cloud? If so, you can use an open-source tool named Steampipe to monitor your cloud infrastructure using SQL. One of Cobalt's Core Pentesters walks us through how Steampipe works in our latest Pentester Guide.
Dec 21, 2022
Est Read Time: 7 min