Cobalt bug bounty program

Our Services

Cobalt Pen Tests

Cobalt Pen Tests are on-demand periodic vulnerability assessments performed by a certified researcher supported by handpicked Core researchers. You pay a fixed price based on application size and testing frequency. If you are looking for a focused application security assessment and penetration testing setup, where you get an actionable report for your team and clients, this is the best option for you.


How does it work?

Schedule a chat and we will help you set up the assessments according to your scope, timeline and budget. When ready, we will assign a pen test team with the relevant domain knowledge to get it moving!

Cobalt Pen Test Features

  • Actionable summary report

    Gets quickly to the heart of your issues

  • Shareable

    Easily share executive summary with stakeholders

  • Time boxed

    E.g. two week focused programs only

  • Cobalt Core Researchers

    Our strong community of trusted security researchers

  • OWASP top 10 coverage

    Checked for the most common vulnerabilities

  • Certified Researchers

    CISSP qualification or equivalent

Curated Bug Bounties

With our Bug Bounty Programs, you reward per bug, not per hour, and you set the bounty sizes as you think appropriate. Our Program Curator will open the program to our experienced core researchers and help you triage and evaluate all incoming reports. This will give you time to focus on the essentials – patching your vulnerabilities.


How does it work?

We guide you closely in how to set up a great bug bounty program, from setting the bounty sizes to scoping. Finally, we match you with one of our experienced program curators who will make sure your program runs smoothly.

Bug Bounties Features

  • Report management

    Cobalt Central, your secure inbox for vulnerabilities.

  • Cobalt Core Researchers

    Our strong community of trusted security researchers.

  • The Curator

    Your trusted security program manager.

  • Continuous Testing

    Keep vigilant eyes on your vulnerabilities.

Pen tests and Bounties Compared

We recommend starting with pen tests timed to fit the speed of your software development life cycle, which will give you wide coverage and a high signal-to-noise ratio in your reports. When you are ready, you can then combine this with a Curated Bug Bounty Program, giving you continuous testing from a larger group of vetted Core researchers.