Cobalt Crowdsourced Application Pentest

Pentesting Service


Cobalt specializes in manual penetration testing for web applications, mobile applications (iOS/Android), desktop applications, APIs, and external networks. Using our SaaS platform, you can easily manage your vulnerability workflows.


Skill set matching for each test


No two applications are the same, so we bring just the right combination of skills, performance, and experience to you based on your tech stack. We draw on a core of 100+ heavily vetted, high-quality security researchers to find the right skills to match your security requirements, business needs, and schedule. Cobalt connects you with the world’s most skilled and trusted pentesters on an industry-leading security testing platform. We don’t just give you the next pentester waiting on the bench; instead, we handpick the testers that fit your testing needs.


The Cobalt research pool contains a vast array of pentesters, from certified security professionals to highly skilled researchers with deep domain expertise. Our researchers have years of experience and a passion for finding vulnerabilities. Each Core researcher undergoes third-party ID checks and an extensive technical interview process.


What to fix and how to get it fixed


Fixing vulnerabilities is an important part of reducing an application’s overall risk, but most important is fixing them so the application’s users and data can remain well-protected.


To help prioritize vulnerability fixes, Cobalt provides a criticality rating based on impact and business context, such as the damage potential, reproducibility, exploitability, number of affected users, and discoverability of each finding. In addition, our Core researchers provide detailed notes on recommended fixes, and if you have a question at any point, you can easily communicate with them in real time.


Our Pentesting Service Offerings

Cobalt offers a variety of penetration testing services. Can't find what you're looking for? Reach out to learn about our different pentesting service offerings.

Web Application Pentesting Service


Cobalt’s web application penetration testing service uses the Open Web Application Security Project (OWASP) Application Security Verification Standard and testing methodologies, a comprehensive framework for assessing the security of web-based applications, as the foundation for our web application assessment methodology. On top of OWASP Top 10 vulnerabilities, the researchers will also test the security of specific business logic associated with the web application. Misconfiguration, cross-site scripting (XSS), authentication and session, exposure of sensitive data, and access control-type vulnerabilities in applications are just a few of the vulnerability types that the Cobalt team discovers.

API Pentesting Service


APIs, short for application programming interfaces, have recently gained a lot of popularity among developers because they allow third-party programs to interact more easily and efficiently. Cobalt tests web-based APIs, REST APIs, and mobile APIs. Cobalt pentesters analyze the target API to find out which authentication type is used. They study API structures, request methods, and responses. Per client instruction, they can apply techniques to endpoints and exploit bugs on a real production API or in staging environments. By understanding structure, roles, and scopes, the testers are able to find hidden weaknesses in your application.

Mobile Application Pentesting Service


Mobile applications are becoming more and more popular, which means that consumers and corporations find themselves facing new threats around privacy and insecure applications. Cobalt tests all mobile platforms, including iOS, Android, and Windows. Cobalt’s pentesters go beyond looking at just API and web vulnerabilities to examine the risk of a mobile application, leveraging OWASP methodologies to assess its security.

External Network Pentesting Service


Cobalt can test external networks for any hosting service. Cobalt researchers will carry out the testing without detailed network or infrastructure diagrams and without any accounts or additional user information (unless required as part of the scope). At Cobalt, we follow a standard methodology based on OSSTMM for network penetration testing, which includes reconnaissance, service discovery, and automated and manual pentesting. The External Network test can be limited to a specific IP range or can also include wider reconnaissance using OSINT (open-source intelligence).

AWS Pentesting Service


AWS Pentesting is a popular service, driven by the growth of Amazon Web Services capabilities. Cobalt’s AWS pentest is an exercise in which the Cobalt Core team of security researchers carries out an assessment of the Amazon-based cloud environment and all of its internal and external components. At Cobalt, we follow an industry-standard methodology primarily based on Amazon’s CIS Security Standard and additional security testing methodologies such as ASVS and OWASP. We perform the following steps to ensure full coverage: target scope reconnaissance, component enumeration, automated component configuration assessment, automated and manual assessment of externally exposed services, architectural design analysis, and reporting and remediation tracking.

Additional Pentesting Services


Can't find what you're looking for? Reach out to learn about a more customized pentest engagement, from micro engagements to continuous testing.