Recently, Cobalt conducted a thorough penetration test (pentest) of Metalshub to evaluate its risk posture and uncover any security weaknesses that could compromise our data, systems, or reputation.
The pentest, conducted by a team of two experts between Nov 13, 2023, and Nov 27, 2023, focused on assessing our platform’s functionality, business logic, and vulnerabilities. The evaluation encompassed a manual analysis supplemented by tools, targeting vulnerabilities outlined in the OWASP Top 10 and the OWASP Application Security Verification Standard (ASVS).
Upon completion, the pen-testers categorised vulnerabilities based on severity:
- Critical: 0
- High: 0
- Medium: 0
- Low: 2
- Informational: 1
Notably, all low-severity findings were promptly addressed and retested. While critical vulnerabilities were absent, the assessment highlighted areas for improvement, particularly in HTTP response headers and technology exposure. While the assessment did not reveal authentication, command injection, session management, or SQL injection (SQLi) issues, we diligently reviewed reported vulnerabilities for mitigation purposes.
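The two improvement areas named above, HTTP response headers and technology exposure, are the kind of finding a team can keep checking for itself after the retest. The following is an added example written for this post, not code from Metalshub or Cobalt, and the header lists it uses are assumptions chosen for illustration rather than the pentest's actual findings: it audits a response's headers for missing hardening headers and for headers that disclose server technology, and compares a constructed "before" response with a remediated "after" one.

```python
"""Audit an HTTP response's headers for two classes of finding a pentest
commonly reports: missing hardening headers and technology disclosure.

Added example; not code from Metalshub or Cobalt. The header lists below
are assumptions for illustration, not the pentest's actual findings."""

# Hardening headers a reviewer normally expects to see (assumption: the
# set a given policy requires may differ).
REQUIRED_SECURITY_HEADERS = {
    "strict-transport-security",
    "content-security-policy",
    "x-content-type-options",
    "x-frame-options",
    "referrer-policy",
}

# Headers that commonly reveal server-side technology or version numbers.
TECHNOLOGY_DISCLOSURE_HEADERS = {
    "server",
    "x-powered-by",
    "x-aspnet-version",
    "x-aspnetmvc-version",
}


def audit_response_headers(headers):
    """Return a report dict listing which hardening headers are absent and
    which technology-disclosing headers are present (with their values).
    Header names are compared case-insensitively, as HTTP requires."""
    lowered = {name.lower(): value for name, value in headers.items()}
    missing = sorted(REQUIRED_SECURITY_HEADERS - set(lowered))
    disclosed = {
        name: lowered[name]
        for name in sorted(TECHNOLOGY_DISCLOSURE_HEADERS)
        if name in lowered
    }
    return {"missing_security_headers": missing,
            "technology_disclosure": disclosed}


# Constructed sample response headers (not captured from any real system):
# the response as a scanner might first see it.
SAMPLE_BEFORE = {
    "Content-Type": "text/html; charset=utf-8",
    "Server": "nginx/1.18.0",
    "X-Powered-By": "Express",
    "X-Frame-Options": "DENY",
}

# The same constructed response after remediation: disclosing headers
# removed and the hardening set added.
SAMPLE_AFTER = {
    "Content-Type": "text/html; charset=utf-8",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "no-referrer",
}

if __name__ == "__main__":
    for label, hdrs in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, audit_response_headers(hdrs))
```

Run as a script it prints both reports; in practice the `headers` argument would come from the response object of whatever HTTP client or test harness a team already uses, and the check fits naturally into a CI job so the retested state does not regress.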
In conclusion, Cobalt’s pentest of Metalshub underscores the importance of continuous security evaluation and improvement in today’s digital landscape. By addressing identified vulnerabilities and implementing robust security measures, we can fortify our defences against evolving cyber threats, safeguarding our data, systems, and reputation.