NEW FEATURE
Cobalt PtaaS + DAST combines manual pentests and automated scanning for comprehensive applications security.
Get a demo
Platform
Cobalt Platform
Modern offensive security platform
Dynamic Application Security Testing
Automated application security scanning
Pricing
Explore the flexible Cobalt credit model
Services
Application Security
Secure your apps without slowing down development
Application Pentest
Secure Code Review
Threat Modeling
Network Security
Protect systems and data with offensive security
Network Pentest
Red Teaming
Cloud Security
Secure your cloud infrastructure
Brand Protection
Safeguard your reputation
Digital Risk Assessment
Social Engineering
Device Security
Secure your devices from threats
Device Hardening
IoT Testing
Solutions
PtaaS
On-demand Pentesting as a Service
Pentest Program Management
Optimize pentesting with proven management
Goal-Based Pentest
Simulated attack to test your security defenses
Secure SDLC
Develop securely and deploy confidently
Offensive Security Program
Minimize risk efficiently and effectively
For IT & Information Security Teams
Explore the benefits of an offensive security platform
For DevOps Teams
Explore the benefits of continuous security testing
Compliance
Comprehensive pentesting for compliance
About
About Us
Who we are
Leadership
The minds driving our mission forward
Cobalt Core
Community of skilled, vetted security experts
Partners
Explore Cobalt's partner network
Customers
Real customer stories straight from the source
Press
Read the latest news at Cobalt
Careers
Redefine and reimagine modern offensive security
Contact Us
Connect with a team member
GigaOm Radar Report
Featured
Download
Resources
Resource Library
Rethinking offensive security
Blog
Insights from security leaders, pentesters, and developers
Events & Webinars
Explore thought-provoking security topics
InfoSec Podcast
Explore the stories of cybersecurity experts
The OffSec Shift Report 2024
Featured
Download
login
get started
Explore benefits
Platform
Cobalt Platform
Modern offensive security platform
Dynamic Application Security Testing
Automated application security scanning
Pricing
Explore the flexible Cobalt credit model
Services
Application Security
Secure your apps without slowing down development
Application Pentest
Secure Code Review
Threat Modeling
Network Security
Protect systems and data with offensive security
Network Pentest
Red Teaming
Cloud Security
Secure your cloud infrastructure
Brand Protection
Safeguard your reputation
Digital Risk Assessment
Social Engineering
Device Security
Secure your devices from threats
Device Hardening
IoT Testing
Solutions
PtaaS
On-demand Pentesting as a Service
Pentest Program Management
Optimize pentesting with proven management
Goal-Based Pentest
Simulated attack to test your security defenses
Secure SDLC
Develop securely and deploy confidently
Offensive Security Program
Minimize risk efficiently and effectively
For IT & Information Security Teams
Explore the benefits of an offensive security platform
For DevOps Teams
Explore the benefits of continuous security testing
Compliance
Comprehensive pentesting for compliance
About
About Us
Who we are
Leadership
The minds driving our mission forward
Cobalt Core
Community of skilled, vetted security experts
Partners
Explore Cobalt's partner network
Customers
Real customer stories straight from the source
Press
Read the latest news at Cobalt
Careers
Redefine and reimagine modern offensive security
Contact Us
Connect with a team member
GigaOm Radar Report
Featured
Download
Resources
Resource Library
Rethinking offensive security
Blog
Insights from security leaders, pentesters, and developers
Events & Webinars
Explore thought-provoking security topics
InfoSec Podcast
Explore the stories of cybersecurity experts
The OffSec Shift Report 2024
Featured
Download
login
get started
NEW FEATURE
Cobalt PtaaS + DAST combines manual pentests and automated scanning for comprehensive applications security.
Get a demo
Pentester Guides (8)
Filter by Topic
Agile Pentesting
Cobalt Core
Community
Compliance
Cybersecurity Insights
Cybersecurity Services
DevSecOps
Industry Breakdowns
Life at Cobalt
LLM Security
Modernizing Pentesting
NEWS
Partners
Pentester Guides
Pentester Stories
Product Updates
A Pentester’s Guide to WebSocket Pentesting
What is WebSocket Hijacking? As OWASP states, the HTTP protocol only allows one request/response per TCP connection....
Pentester Guides
Feb 5, 2021
Est Read Time: 4 min
Read more
Bypassing the Protections — MFA Bypass Techniques for the Win
Multi-Factor Authentication (MFA) often known as Two-Factor Authentication (2FA) is an added layer of protection added...
Pentester Guides
Jan 27, 2021
Est Read Time: 6 min
Read more
A Pentester’s Guide to Code Injection
Learn about code injection vulnerabilities with the Pentester’s Guide to Code Injection.
Cobalt Core
Pentester Guides
Jan 8, 2021
Est Read Time: 3 min
Read more
A Pentester's Guide to Server Side Template Injection (SSTI)
Server-side template injection is a vulnerability where the attacker injects malicious input into a template to execute commands on the server-side.
Cobalt Core
Pentester Guides
Dec 24, 2020
Est Read Time: 3 min
Read more
A Pentester’s Guide to Command Injection
Get expert insights with a command injection tutorial with insights from pentesting experts at Cobalt, a Pentest as a Service (PtaaS) provider.
Pentester Guides
Dec 11, 2020
Est Read Time: 3 min
Read more
How to Execute an XML External Entity Injection (XXE)
What's XXE? An XML External Entity vulnerability is a type of attack against an application that parses XML input. This...
Pentester Guides
Nov 26, 2020
Est Read Time: 4 min
Read more
A Pentester’s Guide to Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application...
Pentester Guides
Nov 13, 2020
Est Read Time: 4 min
Read more
A Pentester’s Guide to Cross-Site Scripting (XSS)
Examine a common security vulnerability, Cross-Site Scripting (XSS).
Pentester Guides
Oct 30, 2020
Est Read Time: 8 min
Read more
A Pentester’s Guide to HTTP Request Smuggling
What is HTTP Request Smuggling? HTTP request smuggling is an attack technique that is conducted by interfering with the...
Pentester Guides
Oct 15, 2020
Est Read Time: 9 min
Read more
6
7
8
9
10
.svg){kind=icon}
.svg){kind=icon}
