PROMO
Limited Time: Get 40% Off a Comprehensive Pentest for AI and LLM Applications
Get The Offer
PROMO
Limited Time: Get 40% Off a Comprehensive Pentest for AI and LLM Applications
Get The Offer

Pentester Guides (4)

See all content

OAuth Vulnerabilites Pt. 2

March 20, 2023
Est Read Time: 10 min
OAuth is a widely-used protocol that enables users to authorize third-party applications to access their data from other services, such as social media or cloud storage. However, like any technology, OAuth is not immune to vulnerabilities. This is Pt. 2 of a two-part series by Core Pentester Shubham Chaskar.
Read more
Cobalt Core Pentester Guides

Active Directory Series: Active Directory Fundamentals

March 13, 2023
Est Read Time: 12 min
Active Directory is a Microsoft service that provides centralized management of user accounts, devices, and access to resources in a networked environment. It allows IT professionals to create and manage users, groups, computers, and other resources on a network, and control access to those resources based on policies and permissions.
Read more
Cobalt Core Pentester Guides

Pentester’s Guide to XPATH Injection

February 27, 2023
Est Read Time: 6 min
XPath is a powerful language used to query and manipulate XML documents. It allows you to extract data, transform XML documents, query large datasets, and modify the structure and content of XML documents. XPath injection attacks occur when an attacker manipulates XPath statements to gain unauthorized access to sensitive data.
Read more
Cobalt Core Pentester Guides
Introduction to Chrome Browser Extension Security Testing cover image

Introduction to Chrome Browser Extension Security Testing

February 20, 2023
Est Read Time: 13 min
Browser extensions are software components that enhance the functionality of existing programs, specifically web browsers by modifying the user interface and interaction with websites, allowing users to customize their browsing experience. However, they also pose a security risk as they interact directly with untrusted web content and have vulnerabilities that malicious website operators and network attackers can exploit. This blog highlights the importance of Chrome browser extension security, permissions, testing for vulnerabilities, real-time attack scenarios, and mitigation methods.
Read more
Cobalt Core Pentester Guides

Introduction to LDAP Injection Attack

February 13, 2023
Est Read Time: 7 min
LDAP (Lightweight Directory Access Protocol) is a protocol for accessing and managing directory services over a network. LDAP injection is a type of attack that targets vulnerabilities in implementations of the LDAP. Core Pentester Harsh Bothra shows us how an attacker does this injection and how to protect against it.
Read more
Cobalt Core Pentester Guides

Risks of Open-Source Software

February 8, 2023
Est Read Time: 8 min
This article provides an overview of what open-source software is and its history. Core Pentester Ninad Mathpati explains that open-source software is any program whose source code is made available for use or modification and is developed as a public, open collaboration.
Read more
Pentester Guides

API Security Best Practices

February 3, 2023
Est Read Time: 4 min
As the devices providing Internet access increase daily, the traditional Monolith architecture has been replaced by the Microservice architecture due to the advantages such as scalability, faster deployment, ease of management, and many more. Core Pentester Orhan Yildirim shares his best practices for API Security.
Read more
Pentester Guides API Pentesting
Pentester Insights: Deep Dive in Web Cache Poisoning Attacks

Hacking Web Cache - Deep Dive in Web Cache Poisoning Attacks

January 31, 2023
Est Read Time: 9 min
Web cache poisoning is an attack where an attacker takes advantage of flaws in the caching mechanism. They attempt to store an altered and malicious response in the cache entry, forcing the website to serve malicious information to its users.  Core Pentester Harsh Bothra deep dives into these attacks and remediations.
Read more
Cobalt Core Pentester Guides Web Application Pentesting

OAuth Vulnerabilites Pt. 1

January 23, 2023
Est Read Time: 10 min
Welcome to part one of OAuth Vulnerabilities. Core Pentester Shubham Chaskar overviews Oauth, commonly used grant types, entities, misconfiguration, and more.
Read more
Pentester Guides
    2 3 4 5 6
    RSS