Q: Why should I use Cobalt?
A: At Cobalt we believe that modern applications deserves something different than generic vulnerability scanners and overpriced consultants. Therefore we have built a top class platform which connects you to top application security researchers to provide you agile pen tests and curated bug bounties.
Q: What kinds of applications can you test?
A: Our vetted and trusted group of security researchers, called Cobalt Core, is highly experienced in doing assessments and penetration testing of websites, web applications, mobile apps and APIs. If your application does not fall into these categories, we're still happy to have a chat and hear if we can help.
Q: Are you a bug bounty platform?
A: In 2013, Cobalt Labs (then Crowdcurity) started out exclusively as a bug bounty platform, and we still offer bug bounty programs as a core part of our service. But we also realized that most businesses are not Google and Facebook, and bug bounty programs are not necessarily the best fit for all businesses and applications. Therefore we have created our timeboxed penetration testing service, which uses some of the best elements from bug bounty programs (incentive and sourcing model) to create a great pen testing experience.
Q: Cobalt Pen Tests or Bug Bounty?
A: If you have never done manual penetration testing on your application before, we recommend to start with periodic Cobalt pen tests. This gives you a great vulnerability assessment from 2-3 top researchers. If you have already done significant security testing and you have a fast SDLC, you can consider doing the curated bug bounty program, which gives you continuous testing from multiple vetted researchers.