Penetration Testing Services

Knowing your vulnerabilities and how attackers might exploit them provides tremendous insight into how to improve your security posture.

Modern Penetration Testing Services for Security and Development Teams

Fueled by our exclusive community of testers, Cobalt’s modern SaaS pentest platform delivers the real-time insights agile teams need to remediate risk quickly and innovate securely. Our carefully curated and thoroughly vetted testers, called Cobalt Core, are highly experienced in doing assessments and penetration testing of web applications, mobile applications, web APIs, internal and external networks, and cloud configurations on Amazon Web Services, Microsoft Azure, and Google Cloud Platform. If your application does not fall into these categories, we're still happy to chat and see how we can help.
Web Application Pentest

Cobalt’s web application penetration testing service leverages the Open Web Application Security Project (OWASP) Application Security Verification Standard (ASVS) and the OWASP Testing Guide. Together, they form a comprehensive framework for assessing the security of web-based applications and serve as the foundation for our web application assessment methodology. On top of OWASP Top 10 vulnerabilities, the pentesters will also test the security of specific business logic associated with the web application, such as weaknesses in data validation or integrity checks — flaws that can only be discovered through manual testing, not automated vulnerability scanning.

API Pentest

API penetration testing is very similar to web application penetration testing, so the Cobalt API pentesting methodology is based on the same foundation — the OWASP Top 10, the OWASP ASVS, and the OWASP Testing Guide. Cobalt tests web-based APIs, REST APIs, and mobile APIs. Cobalt pentesters analyze the target API to find out which authentication type is used, study API structures, understand request methods, responses, and roles, and exploit bugs on a real production API or an API in a staging environment.

Mobile Application Pentest

Cobalt tests applications on all mobile platforms, including iOS, Android, and Windows. Cobalt’s pentesters go beyond looking at just common API and web vulnerabilities to examine the risk of a mobile application, leveraging OWASP Mobile Top 10 and other methodologies to assess its security.

External Network Pentest

Cobalt can test external networks for any hosting service. Cobalt pentesters will carry out the testing without detailed network or infrastructure diagrams and without any accounts or additional user information (unless required as part of the scope). We follow a standard methodology based on the Open Source Security Testing Methodology Manual (OSSTMM). The External Network test can be limited to a specific IP range or include broader reconnaissance using OSINT (open-source intelligence).

AWS Pentest

For Cobalt’s AWS pentest, a Cobalt Core pentester carries out an assessment of the Amazon-based cloud environment and all of its internal and external components. We follow an industry-standard methodology primarily based on the standards supported by Amazon's Security Hub and additional security testing methodologies such as OWASP ASVS and the OWASP Top 10.

Code Assisted Pentest

Pentests are typically performed from a “black box” or “zero knowledge” perspective, meaning the pentesters have limited to no prior knowledge about the implementation details of the in-scope target application. With code-assisted, gray-box penetration testing, Cobalt’s pentesters have access to the source code of the application, enabling the team to use the code alongside testing activities to gain a thorough understanding of the target application and enhance the accuracy of the discovered findings.

Additional Pentest Services

Can't find what you're looking for? Reach out to learn about a more customized pentest, from micro engagements to continuous testing. As one of the world’s leading security penetration testing companies, we offer services customized to your testing needs.

Meet the Cobalt Core

Our team of 300+ highly vetted, certified pentesters.

Only 5% of applicants are admitted into the Core team.

"A good pentest for us is the right people, doing the right tests. But then it's also communicating that effectively and then partnering with our organization in order to actually close those vulnerabilities once they've been found."

Eric Galis
VP of Compliance and Security at Cengage

Accelerate Your Find-to-Fix Cycles

To help prioritize vulnerability fixes, Cobalt provides a criticality rating based on impact and business context such as the damage potential, reproducibility, exploitability, number of affected users, and discoverability of each finding. In addition, our pentesters provide detailed notes on recommended fixes, and if you have a question you can easily communicate with them in real time.
