Q: What is Pentesting as a Service?
A: Pentesting as a Service is a platform driven pentesting solution that harnesses the power of a selectively-sourced global talent pool offering creative findings and actionable results. It adds technology to traditional penetration testing models that drives workflow efficiencies.
Q: What are the advantages of a Pentesting as a Service platform?
A: There are three major advantages of a Pentest as a Service platform. First is access to a trusted global talent pool. Second is a modern workflow platform where you can manage the findings. Third is the large reduction in triage time.
Q: Is Pentesting as a Service more agile than traditional penetration tests?
A: Yes! From an agility perspective Pentesting as a Service differs from a traditional pentest in several ways. First, scheduling is much faster and typically happens within 48 hours. Second, the findings are delivered via a platform so they can be directly integrated into your bug tracking systems and development lifecycle. Lastly, there is real time communication with the security freelancers making the testing and re-testing much faster.
Q: Do you offer bug bounty programs?
A: In 2013, Cobalt Labs (then Crowdcurity) started out as a bug bounty platform. We began to notice that many companies were not adept to manage the overhead that comes with bug bounty programs, and thus bug bounty was not necessarily the best fit for those businesses and applications. They were looking for an offering that had the creative power of the crowd, but with coverage more aligned with penetration testing. This insight sparked the creation of our Pentesting as a Service offering, which uses the best elements from bug bounty programs (sourcing model and platform delivery) and combines them with the best elements from traditional pentests (structure and guaranteed coverage) to provide a great pentesting experience which fits with SDLCs for businesses of all sizes.
Q: What is crowdsourced pentesting? How does it relate to Pentesting as a Service?
A: A crowdsourced pentest is a pentest which is crowdsourced. This means that in many cases it is similar to a traditional pentest; however, the security talent is sourced from a vetted global talent pool of security researchers instead of using consultants from a traditional vendor.
At Cobalt, we source our talent from around the world to match your application’s technology stack to the skillsets of our penetration testers. From this we create a personalized team that has a deep knowledge of your testing needs, and connect you to them via the Cobalt platform.