Q: What is Pen Testing as a Service?
A: Pen Testing as a Service is a platform-driven pen testing solution that harnesses the power of a selectively sourced global talent pool offering creative findings and actionable results. It adds technology that drives workflow efficiencies to traditional penetration testing models.
Q: What are the advantages of a Pen Testing as a Service platform?
A: There are three major advantages of a Pen Testing as a Service platform. First is access to a trusted global talent pool. Second is a modern workflow platform where you can manage the findings. Third is the large reduction in triage time.
Q: Is Pen Testing as a Service more agile than traditional penetration tests?
A: Yes! From an agility perspective, Pen Testing as a Service differs from a traditional pen test in several ways. First, scheduling is much faster and typically happens within 48 hours. Second, the findings are delivered via a platform, so they can be directly integrated into your bug tracking systems and development lifecycle. Lastly, there is real-time communication with the security freelancers, which makes testing and re-testing much faster.
Q: Do you offer bug bounty programs?
A: In 2013, Cobalt Labs (then Crowdcurity) started out as a bug bounty platform. We began to notice that many companies were not adept at managing the overhead that comes with bug bounty programs, and thus bug bounty was not necessarily the best fit for those businesses and applications. They were looking for an offering that had the creative power of the crowd, but with coverage more aligned with penetration testing. This insight sparked the creation of our Pen Testing as a Service offering, which uses the best elements from bug bounty programs (sourcing model and platform delivery) and combines them with the best elements from traditional pen tests (structure and guaranteed coverage) to provide a great pen testing experience that fits with SDLCs for businesses of all sizes.
Q: What is crowdsourced pen testing? How does it relate to Pen Testing as a Service?
A: A crowdsourced pen test is, in many cases, similar to a traditional pen test; however, the security talent is sourced from a vetted global talent pool of security researchers instead of using consultants from a traditional vendor.
At Cobalt, we source our talent from around the world to match your application’s technology stack to the skill sets of our penetration testers. From this, we create a personalized team that has a deep knowledge of your testing needs, and connect you to them via the Cobalt platform.