At a glance: Manage your company's vulnerability - get penetration-testing assessments and go from find to fix. Cobalt.io focuses on SaaS, security, marketplaces, crowdsourcing, and freelancers.

What is crowdsourced security testing, and how is it disrupting the application security landscape?

“During a pentest we need flexibility and speed, which is what Cobalt gives us — in addition to connecting us to the best talent.”

“The much harder part is connecting with the right people who can do the technical security work, and delivering the results to the development team who can fix the vulnerability.”

Methodology elements: Application Security Verification Standard (ASVS); identifying and exploiting existing vulnerabilities; a posture review and preparation to avoid false positives; verifying access, trust, controls, processes, configuration, property (information and data), exposure, quarantine measures, and survivability; reviewing network segregation and privilege management.

Pen Test Metrics 2018: Data from a Pen Testing as a Service Platform. Caroline Wong and Mike Shema, February 2018 | https://cobalt.io

Cobalt’s pentesters go beyond looking at just common API and web vulnerabilities to examine the risk of a mobile application, leveraging the OWASP Mobile Top 10 and related methodologies to assess its security. The platform visualizes findings on a dashboard and connects seamlessly to development tools such as JIRA, so developers can quickly take action on any breaches and notify pentesters, creating a dynamic, real-time feedback loop. Fueled by a global talent pool of certified freelancers, Cobalt.io’s SaaS pen test platform delivers actionable results that empower agile teams to pinpoint, track, and remediate software vulnerabilities. Cobalt’s Pen Testing as a Service (PTaaS) Platform transforms yesterday’s broken pen test model into a data-driven vulnerability management engine. Axel Springer SE is a German media company headquartered in Berlin.
Cobalt is a fast-growing and globally distributed cybersecurity start-up with hubs in San Francisco, Boston, and Berlin. Join the world’s most collaborative pentester community. Excellent reporting skills: the report is the final exhibit of your findings. Cobalt.io, a penetration testing-as-a-service (PTaaS) platform provider, has raised $5 million in Series A funding from byFounders, eLab Ventures, DG … (by Dan Kobialka, May 6, 2018). This runs counter to the increasingly globalized nature of today’s workforce and security community, and prevents pentesters from working in a truly agile, collaborative way. Cobalt specializes in manual penetration testing (pentest) services for web applications, mobile applications (iOS/Android), desktop applications, APIs, and external networks. To understand the need for a better pen test model, one needs to look at the traditional pen testing options. We have Scandinavian roots, an American base and a global outlook. As technology buying decisions become more agile and remote-first, Cobalt’s security certification process enables software and internet companies to navigate release cycles faster while ensuring trust and efficiency in the procurement process. This raises the quality bar and reduces the time to start testing from 2-4 weeks to as little as 24 hours.
No two applications are the same, so we bring just the right combination of skills, performance, and experience to you based on your tech stack. Our methodology for network penetration testing services includes the following: the External Network test can be limited to a specific IP range or also include wider reconnaissance using OSINT (open-source intelligence). We perform the following steps in order to ensure full coverage: target scope reconnaissance, component enumeration, automated component configuration assessment, automated and manual assessment of externally exposed services, architectural design analysis, and reporting and remediation tracking.

About the Report Team: Caroline Wong, Mike Shema. Here at Cobalt, we’ve done over 350 penetration tests to date. Pentests are typically performed from a “black box” or “zero knowledge” perspective, meaning the security pentesters have limited to no prior knowledge about the implementation details of the target, in-scope application. This is also where the true creative power of the Cobalt Core Domain Experts comes into play. With Cobalt, customers can build their pentest program in as little as five minutes and start a pentest in 24 hours. Caroline Wong sits down with Dr. Chenxi Wang to discuss her newest ROI research on Cobalt’s Pen Testing as a Service (PTaaS) model. Cobalt.io, Computer & Network Security, San Francisco, California: Cobalt provides a Pentest as a Service (PtaaS) platform that modernizes the traditional penetration testing model. Additionally, we provide data (Portfolio Coverage, Pen Test Frequency) from 75 survey respondents in security, management, operations, DevOps, product, and developer roles. Crowdsourced Pen Testing 101.
San Francisco, Aug. 20, 2020 (GLOBE NEWSWIRE) -- Cobalt – the cybersecurity platform that connects human penetration testers (sometimes known as ‘ethical hackers’) with companies looking to test the robustness of their software – has raised $29 million from investors to continue its global expansion, bringing its total funding level to $37 million. With Pentest as a Service (PtaaS), Cobalt delivers on-demand, human-powered penetration testing services across a variety of application portfolios. “We were impressed with what Jacob and his co-founders have accomplished within such a short period, and believe in their vision to democratize access to the best cybersecurity talent in a transparent manner.” Fixing vulnerabilities is an important part of reducing an application’s overall risk, but most important is fixing them so that the application’s users and data remain well protected. Cobalt’s unique delivery model meets this need. If you are responsible for application security, you need to understand how to prevent attacks by testing for the weaknesses that leave your business exposed and at risk. Join some of the great clients we’re proud to have helped. To ensure that its IT infrastructure is properly tested, Axel Springer chose to leverage Cobalt's Pen Testing as a Service platform. APIs, short for application programming interfaces, have gained a lot of popularity among developers because they allow third-party programs to interact in a more efficient way. Explore Cobalt's 2018 Pen Test Metrics Report, which dives into data from over 350 penetration tests. The team struggled for traction with early-stage investors for its original ‘bug bounty’ business model, in which testers were paid based on the vulnerabilities they found.
What exactly is a crowdsourced pen test, and what's different about it? On top of the OWASP Top 10 vulnerabilities, the pentesters will also test the security of specific business logic associated with the web application, such as weaknesses in data validation or integrity checks: flaws that can only be discovered through manual testing, not automated vulnerability scanning. Cobalt Pentests are on-demand, hacker-powered penetration tests performed by a certified pentester supported by handpicked Core pentesters. In addition, Core pentesters provide detailed notes on recommended fixes, and if you have a question at any point you can easily communicate with them in real time. Reach out to learn about our different pentest service offerings. Cobalt’s Pentest as a Service (PtaaS) Platform transforms yesterday’s broken pentest model into a data-driven vulnerability management engine designed to make the third-party penetration testing process easier. The new funding will go towards expanding global usage and continuing development of the Cobalt platform, which pioneered the Penetration test as a Service (PtaaS) model. Cobalt now has more than 500 clients, including GoDaddy, Vonage, Axel Springer and MuleSoft, and around 300 pentesters on its platform. Over the past four years, Cobalt has conducted thousands of pentests; its annual testing figures are doubling year on year, and its rate of growth is increasing. Cobalt.io, a penetration testing-as-a-service (PTaaS) platform provider, has raised $5 million in Series A funding from byFounders, eLab Ventures, DG Incubation and other investors.
There are three big problems with the traditional pentesting model:

As a result, most organizations only perform pentesting once or twice a year, despite hackers updating their arsenal of tools much more frequently, and in conditions which mean they’re not getting the best value and not receiving readily actionable results. With a globally distributed team and offices in San Francisco, Boston and Berlin, Cobalt is transforming pentesting by providing streamlined processes, developer integrations, and on-demand pentesters who have undergone rigorous vetting. Cobalt was founded in 2013 by four Danish co-founders – Jacob Hansen, Esben Friis-Jensen, Jakob Storm and Christian Hansen – all self-identified outsiders to the security world. Whether you align your pentesting with major feature releases or use it for periodic checkups, you can discover what kinds of vulnerabilities have slipped through your development process. Highland Europe invests in exceptional growth-stage software and internet companies. Per client instruction, the pentesters can use techniques which can be applied to endpoints and exploit bugs on a real production API or on an API in a staging environment.

About Cobalt.io: Cobalt provides a Pentest as a Service (PtaaS) platform that is modernizing the traditional, static penetration testing model. Using our SaaS platform, you can easily manage your vulnerability workflows. Connecting the global application security community to enterprises. API penetration testing is very similar to web application penetration testing, so the Cobalt API pentesting methodology is based on the same foundation: the OWASP Top 10, the OWASP ASVS, and the OWASP Testing Guide.
Actually, we’ve known for decades what the most pervasive technical problems are and how to address them. Fueled by our global talent pool of certified freelancers, our modern SaaS pentest platform delivers real-time, actionable results that empower agile teams to pinpoint, track, and remediate software vulnerabilities, rather than providing a point-in-time snapshot like traditional penetration testing services. He examines what a pentest program is, its makeup, the value it can add, and how to get the most out of a programmatic approach. Since 2013 we have been working on building a platform that can support a better pen test model, as well as a talented and vetted community of security researchers (the Cobalt Core). Cobalt’s AWS pentest is an exercise in which the Cobalt Core pentester carries out an assessment of the Amazon-based cloud environment and all of its internal and external components. Cobalt's application security brings you trusted and respected pentesters.

The State of Pentesting 2019: Here at Cobalt, we’ve done over 1400 pentests to date. Our pentesters have years of experience and a passion for finding vulnerabilities. This allows the client to improve the security of their customers by surfacing and remediating the types of vulnerability that are affecting them most over time. Cobalt tests web-based APIs, REST APIs, and mobile APIs. A modern pen test model should provide an easy overview of all previous pen tests and also allow businesses to see trends and plan for future testing. Cobalt pentesters analyze the target API to find out which authentication type is used. Continuous learning is key when testing products against the latest attack vectors.
“Organizations do business globally and digitally, yet traditional pentesting is delivered locally via a PDF,” said Jacob Hansen, co-founder and CEO of Cobalt. That is why we created a way to engage the best cybersecurity talent, via our pentest management platform, allowing customers to move from a static pentest to platform-driven pentest programs. The scope of this exploration is black-box penetration testing (“humans”) against dynamic scanning and out-of-band testing (“machines”) for web applications. Cobalt is quickly establishing thought leadership in this critical area of cybersecurity, releasing its annual ‘State of Pentesting’ report, and expects to continue to enrich its business insights and product features in the future. The company’s growth has accelerated in the first half of 2020, in spite of the global pandemic, with the company operating at breakeven.
Cobalt Raises $5 Million in Series A Funding to Fuel Growth of Pen Testing. How Axel Springer Leverages Continuous Pen Testing: Axel Springer SE is the largest European media company, headquartered in Berlin. Ray Espinoza, Head of Security at Cobalt.io, shares his insights on how to build out a pentest program.

Table of Contents: Executive Summary; Introduction; Program Level Metrics; Engagement Level Metrics; Conclusion. Additionally, we provide survey data. These are pen testing metrics forged from hundreds of pen tests and application security programs, and each of them provides tremendous insight that you can use to improve your security posture. The ROI research includes in-depth interviews with current Cobalt customers. “Cobalt ultimately drives better security and improves return on investment for each customer.”

The industry has long relied on the story that the hardest part of pentesting is hacking the software. While automated cybersecurity screening is important, systematic security checks require human ingenuity and rigorous compliance reviews. The Cobalt research pool contains a vast array of pentesters, from certified security professionals to highly skilled pentesters with deep domain expertise. Cobalt Core pentesters are industry thought leaders who give talks at top-tier conferences such as Defcon, Blackhat, AppSec USA, etc. Vetting includes third-party ID checks, an extensive technical interview process, and an objective skills assessment; only a very small percentage of applicants are accepted onto the platform, and they undergo ongoing peer review. The platform connects you with the world’s most skilled and trusted pentesters on an industry-leading security testing platform.

Pentesting is the process of testing an application for security vulnerabilities before it goes live, surfacing hidden weaknesses in your application before it goes out the door. Unaddressed vulnerabilities can lead to headline-making breaches, such as the 2017 Equifax data breach, which stemmed from a failure to patch known vulnerabilities. Cobalt tests mobile applications on all mobile platforms, including iOS, Android, and Windows. APIs are becoming more and more popular, which means that consumers and corporations find themselves facing new threats around privacy and insecure applications. Cobalt pentesters study API structures, understand request methods, and understand responses. Network pentests follow the standard Open Source Security Testing Methodology Manual (OSSTMM), and we can test external networks for any hosting service.

Among pentesting companies and penetration testing service providers, Cobalt offers a variety of security penetration testing services. Cobalt wants to change the way companies purchase and pay for pentesting services: you pay a fixed price based on application size and testing frequency, or arrange a more customized pentest engagement, from micro engagements to continuous testing. Cobalt operates globally, with the US as its largest market. Highland Europe has a collective history of investments across 46 IPOs and 19 billion-dollar-plus companies.