Cobalt Core. For this study, Dr. Wang conducted in-depth interviews with current Cobalt customers. Cobalt's Pen Testing as a Service (PTaaS) Platform transforms yesterday’s broken pen test model into a data-driven vulnerability management engine. How Axel Springer Leverages Continuous Pen Testing. Cobalt.io Raises $5M in Series A Funding to Fuel Growth of Pen Testing as a Service Platform. We connect global security talent with businesses and their users by providing Penetration Testing as a Service via the Cobalt technology platform. Penetration testing is not easy. Join some of these great clients we’re proud to have helped. Cobalt pentesters analyze the target API to find out which authentication type is used. Cobalt is a fast-growing and globally distributed cybersecurity start-up with hubs in San Francisco, Boston, and Berlin. The company’s growth accelerated in the first half of 2020, in spite of the global pandemic, with the company operating at breakeven. Cobalt tests applications on all mobile platforms, including iOS, Android, and Windows. API penetration testing is very similar to web application penetration testing, so the Cobalt API pentesting methodology is built on the same foundation: the OWASP Top 10, the OWASP ASVS, and the OWASP Testing Guide. Dive into pen testing metrics forged from hundreds of pen tests and application security programs. As one of the top pentesting companies and penetration testing service providers, Cobalt offers a variety of security penetration testing services.
Fueled by a global talent pool of certified freelancers, Cobalt.io’s SaaS pen test platform delivers actionable results that empower agile teams to pinpoint, track, and remediate software vulnerabilities. Actually, we’ve known for decades what the most pervasive technical problems are and how to address them. The State of Pentesting 2019. Here at Cobalt, we’ve done over 1400 pentests to date. Why Pen Testing as a Service Yields a Better ROI. Cobalt founders pictured clockwise from top left: Esben Friis-Jensen, Jacob Hansen, Christian Hansen, and Jakob Storm. We draw on the Cobalt Core, a core of 270+ heavily vetted, high-quality pentesters, to find the right skills to match your security requirements, business needs, and schedule. This allows the client to improve the security of their customers by surfacing and remediating the types of vulnerability that are affecting them most over time. About Cobalt.io: Cobalt provides a Pentest as a Service (PtaaS) platform that is modernizing the traditional, static penetration testing model. During an engagement, Cobalt Core pentesters manually test … Misconfiguration, cross-site scripting (XSS), broken authentication and session management, exposure of sensitive data, and access control-type vulnerabilities in applications are just a few of the vulnerability types that the Cobalt team discovers. Cobalt.io, a penetration testing-as-a-service (PTaaS) platform provider, has raised $5 million in Series A funding from byFounders, eLab Ventures, DG Incubation and other investors. 1 ranked researcher on the Cobalt …
Per client instruction, Cobalt pentesters can apply techniques to endpoints and exploit bugs on a real production API or on an API in a staging environment. What exactly is a crowdsourced pen test and what's different about it? As the largest European media company, it holds a large network … “The State of Pentesting: 2020” assesses which web application security vulnerabilities can be found reliably using machines and which require human expertise to manually identify. Reach out to learn about a more customized pentest engagement, from micro engagements to continuous testing. With Cobalt, customers can build their pentest program in as little as five minutes and start a pentest in 24 hours. With a globally distributed team and offices in San Francisco, Boston and Berlin, Cobalt is transforming pentesting by providing streamlined processes, developer integrations, and on-demand pentesters who have undergone rigorous vetting. Over the past four years, Cobalt has conducted thousands of pentests; its annual testing figures are doubling year on year, and its rate of growth is increasing. Our pentesters have years of experience and a passion for finding vulnerabilities. Caroline Wong sits down with Dr. Chenxi Wang to discuss her newest ROI research on Cobalt’s Pen Testing as a Service (PTaaS) model. On top of OWASP Top 10 vulnerabilities, the pentesters will also test the security of specific business logic associated with the web application, such as weaknesses in data validation or integrity checks: flaws that can only be discovered through manual testing, not automated vulnerability scanning.
The scope of this exploration is black-box penetration testing (“humans”) against dynamic scanning and out-of-band testing (“machines”) for web applications. It’s important to treat a pen test program as an ongoing process. Highly skilled testing talent with … Reach out to learn about our different pentesting service offerings. Gajan Rajanathan joins the board from Highland. Cobalt.io at a glance: manage your company's vulnerabilities, get penetration-testing assessments, and go from find to fix. Cobalt.io focuses on SaaS, Security, Marketplaces, Crowdsourcing, and Freelancers. For instance, Cobalt pentesters discover vulnerabilities related to code tampering, reverse engineering, and extraneous functionality. We perform the following steps in order to ensure full coverage: target scope reconnaissance, component enumeration, automated component configuration assessment, automated and manual assessment of externally exposed services, architectural design analysis, and reporting and remediation tracking. “Organizations do business globally and digitally, yet traditional pentesting is delivered locally via a PDF,” said Jacob Hansen, co-founder and CEO of Cobalt. Explore Cobalt’s Pentest … Cobalt ultimately drives better security and improves return on investment for each customer.” Since 2013 we have been working on building a platform that can support a better pen test model as well as a talented and vetted community of security researchers (the Cobalt Core).
The much harder part is connecting with the right people who can do the technical security work, and delivering the results to the development team who can fix the vulnerability.” Crowdsourced Pen Testing 101. Cobalt is quickly establishing thought leadership in this critical area of cybersecurity, releasing its annual ‘State of Pentesting’ report, and expects to continue to enrich its business insights and product features in the future. Ray Espinoza, Head of Security at Cobalt.io, shares his insights on how to build out a pentest program. All our business units have embraced the platform, which is testament to its ease of use, quality of the test findings, and ability to deliver real results.” “We are the leading API management and integration platform, and it is our job to keep customer data safe and protected,” said Sergey Stelmakh, Platform Security Architect of MuleSoft. To understand the need for a better pen test model, one needs to look at the traditional pen testing options. Whether you align your pentesting with major feature releases or use it for periodic checkups, you can discover what kinds of vulnerabilities have slipped through your development process.
In addition, byFounders Managing … The Series B round was led by growth-stage experts Highland Europe, the global venture capital firm whose portfolio includes Malwarebytes, Nexthink, Adjust, ContentSquare and WeTransfer. 3 Key Factors for Improving a Pen Test: lessons learned from collecting and implementing feedback from over 300 pen … Cobalt.io Credits unlock flexible pentest consumption, allowing businesses to start a pentest in 24 hours; Cobalt.io surpasses 500 customers, including HubSpot, Palo Alto Networks, and … Report contents: a detailed description and proof of concept for each finding; risk severity mappings and insight into the level of effort needed to remediate the findings; positive findings that call out what security controls you have that are effective; descriptions, screenshots, and suggested fixes for vulnerabilities. That is why we created a way to engage the best cybersecurity talent, via our pentest management platform, allowing customers to move from a static pentest to platform-driven pentest programs. Connecting the global application security community to enterprises. Cobalt’s platform is also able to collect rich data because, unlike the traditional model, pentesting results aren’t stored and sent in static documents, but rather in a dynamic online repository. Assessment activities include: identifying and exploiting existing vulnerabilities; a posture review and preparation to avoid false positives; verifying access, trust, controls, processes, configuration, property (information and data), exposure, quarantine measures, and survivability; reviewing network segregation and privilege management.
Amazon Web Services penetration testing (AWS pentesting) is a popular service for any pentest company, driven by the growth of AWS capabilities. At Cobalt, we follow an industry standard methodology primarily based on Amazon’s CIS Security Standard and additional security testing methodologies such as OWASP ASVS and the OWASP Top 10. by Dan Kobialka • May 6, 2018. We were impressed with what Jacob and his co-founders have accomplished within such a short period, and believe in their vision to democratize access to the best cybersecurity talent in a transparent manner.” What is crowdsourced security testing and how is it disrupting the application security landscape? Axel Springer SE is a German-based media company headquartered in Berlin. Traditional Pen Testing. The information included in this report (Top 5 Vulnerabilities, 2017 vs. 2018 Vulnerability Types, Breakdown of Security Misconfiguration Vulnerabilities) is summary data from the pentests performed in 2018. Cobalt’s AWS pentest is an exercise in which the Cobalt Core pentester carries out an assessment over the Amazon-based cloud environment and all of its internal and external components. Fueled by our global talent pool of certified freelancers, our modern SaaS pentest platform delivers real-time actionable results that empower agile teams to pinpoint, track, and remediate software vulnerabilities rather than providing a point-in-time snapshot like traditional penetration testing services. You pay a fixed price based on application size and testing frequency. Cobalt tests web-based APIs, REST APIs, and mobile APIs. We have Scandinavian roots, an American base and a global outlook.
Cobalt’s Pentest as a Service (PtaaS) Platform transforms yesterday’s broken pentest model into a data-driven vulnerability management engine designed to make the third-party penetration testing process easier. Additionally, we provide survey data from respondents in security, management, operations, DevOps, product, and developer roles. It should be detail-oriented but concise. Cobalt's application security brings you trusted and respected pentesters. With code-assisted, gray-box penetration testing, Cobalt’s pentesters have access to the source code of the application, effectively enabling the team to use the code alongside testing activities as a means to gain a thorough understanding of the target application and enhance the accuracy of the findings discovered during testing. We draw on a core of 270+ highly vetted, certified pentesters to find the right skills to match your security requirements and business needs. Cobalt’s pentesters go beyond looking at just common API and web vulnerabilities to examine the risk of a mobile application, leveraging the OWASP Mobile Top 10 and related methodologies to assess its security. What you will take away from this talk: the 3 most common pen test pitfalls; leveraging the creative power of the elite crowd security … There is a wide array of knowledge one must acquire to even get started — coding languages, attack vectors, testing methods, frameworks that you need to have hands-on experience with, and last but not least learning how to gain access to code given obfuscation and encryption.
Every tester is thoroughly vetted; the small percentage of applicants accepted onto the platform undergo ongoing peer review to guarantee high-quality output. Each Core pentester undergoes third-party ID checks, an extensive technical interview process, and an objective skills assessment. We don’t just give you the next pentester waiting on the bench; instead we handpick the testers that fit your testing needs. Cobalt’s web application penetration testing service leverages the Open Web Application Security Project (OWASP) Application Security Verification Standard (ASVS) and the OWASP Testing Guide, which together create a comprehensive framework for assessing the security of web-based applications, as the foundation for our web application assessment methodology. No two applications are the same, so we bring just the right combination of skills, performance, and experience to you based on your tech stack. Cobalt can test external networks for any hosting service. “During a pentest we need flexibility and speed, which is what Cobalt gives us — in addition to connecting us to the best talent.” Customers can get started in 24 hours with Cobalt.io, using its highly vetted global network of pen testing experts, without the need for an on-site consultation.
At Cobalt, we follow a standard methodology based on the Open Source Security Testing Methodology Manual (OSSTMM). To help prioritize vulnerability fixes, Cobalt provides a criticality rating based on impact and business context, such as the damage potential, reproducibility, exploitability, number of affected users, and discoverability of each finding. Contact: hello@cobalt.io, phone 415 651 7028. Once pentesting begins, Cobalt’s platform logs issues as they arise. From a customer’s perspective, Cobalt’s PtaaS approach opens up a global marketplace of talent, enabling pentesters to collaborate with one another and companies to easily locate specific expertise. Using our SaaS platform, you can easily manage your vulnerability workflows. Pen Test Metrics 2018: Data from a Pen Testing as a Service Platform. Caroline Wong and Mike Shema, February 2018 | https://cobalt.io. This is also where the true creative power of the Cobalt Core Domain Experts comes into play. As technology buying decisions become more agile and remote-first, Cobalt’s security certification process enables software and internet companies to navigate release cycles faster while ensuring trust and efficiency in the procurement process. Cobalt’s unique delivery model meets this need. “We need real-time insight.” Experienced security professionals from industry-leading enterprise companies. Cobalt specializes in manual penetration testing (pentest) services for web applications, mobile applications (iOS/Android), desktop applications, APIs, and external networks.
Each Cobalt Core pentester undergoes third-party identification and criminal background checks, an extensive technical interview process, and an objective skills assessment. Where is Cobalt on this journey? There are three big problems with the traditional pentesting model: As a result, most organizations only perform pentesting once or twice a year, despite hackers updating their arsenal of tools much more frequently – and in conditions which mean they’re not getting the best value, and not receiving readily actionable results. The story that the hardest part of pentesting is hacking the software is misguided. Cobalt lowers the bar and reduces the time to start testing from 2-4 weeks to as little as 24 hours. The Series A funding will be used to expand globally and invest in its PtaaS platform. Cobalt pentesters study API structures, understand request methods, and understand responses. Template injection is a vulnerability where the attacker injects malicious input into a template to execute commands on the server-side. Understanding your vulnerabilities and how attackers might exploit them provides tremendous insight that you can use to improve your security posture. Our pentesters give talks at top tier conferences such as Defcon, Blackhat, AppSec … Pentesting, the process of testing an application for security vulnerabilities before it goes live … Mobile applications are becoming more and more … This can lead to headline-making breaches, such as the … Cobalt offers a vast array of pentesters, from certified security professionals to highly … Cobalt’s collaborative pentester community … Our customers are globally distributed … lessons from over 350 penetration tests … 19 billion-dollar-plus companies … check out 4 Tips for Keeping …