Cobalt Crowdsourced Application Pentest


Liz Warner


LendInvest is the world’s largest peer-to-peer marketplace for property lending. Founded in 2013, the London-based Fintech startup is changing the way people invest in property, bringing the principles of peer-to-peer lending to the UK mortgage market. LendInvest helps investors to make better returns and borrowers to get access to finance that is fast, transparent and fair.

Investing in Security

The LendInvest business is growing fast, having lent almost £400 million of bridging finance on 700 properties in the past two years alone. As the business continues to expand rapidly, the company’s management is dedicated to ensuring the safety and security of the LendInvest platform, which is used continuously by thousands of lenders, borrowers and mortgage brokers.

Liz Warner, CTO of LendInvest, states:

"Our business is disrupting the status quo in property investing. To continue to do this competitively and responsibly, it was crucial to identify a trustworthy, cost-effective and easy-to-manage security program partner to keep our lending platform as secure as possible."

A Managed Private Security Program

Following a competitive tender process, LendInvest selected Cobalt’s private managed bug bounty program.

In this program, between three and five new security researchers are invited to join the ongoing real-time bug bounty program every month. This means new features are tested, and the platform as a whole gets a fresh review. Researchers are only paid for reports LendInvest considers to be valid.

Additionally, as part of the managed bug bounty program, LendInvest has been matched one-to-one with a CISSP-certified security engineer who has experience in penetration testing and in managing a bug bounty program. The security engineer’s responsibilities are:

  • Respond to new security reports within 24 hours
  • Triage reports so that LendInvest can focus on the important security reports
  • Remediate security threats by suggesting fixes and rewards


The Managed Program has been a great fit for LendInvest, who wanted to connect with top security researchers and to be able to efficiently handle incoming security reports. The security researchers test for common vulnerabilities such as Cross-Site Scripting or Broken Authentication, but also dig deeper and test for more subtle application logic attacks.

Liz Warner adds:

"Our experience on the Cobalt program has been extremely satisfying and instructive. Having a dedicated resource has been very helpful. He was fast to respond to reports and offered great advice on how to fix potential issues with minimal delay. This hands-on surveillance and assistance saved our team valuable time and effort that we could then use to focus on our business."

With Cobalt’s managed security program, LendInvest received:

  • Ongoing testing and coverage of OWASP top 10 security threats
  • Access to vetted security researchers with the right skills and certifications
  • The capability to become a leader in security practices for peer-to-peer platforms

Liz Warner concluded:

"As an agile company, we are continually releasing new features. The Cobalt security platform has enabled us to validate our security on an ongoing basis to stay on top of new security threats. This makes our platform safer for our customers and other stakeholders."