Cobalt Crowdsourced Application PentestCobalt Crowdsourced Application PentestCobalt Crowdsourced Application Pentest

Pen Testing Service

Pen Testing Service

Pen Testing Service

Cobalt specializes in manual penetration testing for web applications, mobile applications (iOS/Android), desktop applications, APIs, and external networks. Using our SaaS platform, you can easily manage your vulnerability workflows.

Cobalt certified researchers@2x

Skill set matching
for each test


No two applications are the same, so we bring just the right combination of skills, performance, and experience to you based on your tech stack. We draw on a core of 100+ heavily vetted, high quality security researchers to find the right skills to match to your security requirements, business needs, and schedule. Cobalt connects you with the world’s most skilled and trusted pen testers on an industry-leading security testing platform. We don’t just give you the next pen tester waiting on the bench, instead we handpick the testers that fit your testing needs.


The Cobalt research pool contains a vast array of pen testers from certified security professionals to highly skilled researchers with deep domain expertise. Our researchers have years of experience and a passion for finding vulnerabilities. Each Core researcher undergoes third party ID checks and an extensive technical interview process.

Core researcher@2x
Cobalt certified researchers@2x

What to fix and
how to get it fixed


Fixing vulnerabilities is an important part of reducing an application’s overall risk, but most important is fixing them so the application’s users and data can remain well-protected.


To help prioritize vulnerability fixes, Cobalt provides a criticality rating based on impact and business context such as the damage potential, reproducibility, exploitability, number of affected users, and discoverability of each finding. In addition, our Core researchers provide detailed notes on recommended fixes, and if you have a question at any point you can easily communicate to them in real time.

Pen test finding@2x

Our Pen Testing Service Offerings

Cobalt offers a variety of penetration testing services. Can't find what you're looking for? Reach out to learn about our different pen testing service offerings.

Web Application Pen Testing Service


Cobalt’s web application penetration testing service leverages the Open Web Application Security Project (OWASP) Application Security Verification Standard and testing methodologies, a comprehensive framework for assessing the security of web-based applications, as the foundation for our web application assessment methodology. On top of OWASP Top 10 vulnerabilities the researchers will also test the security of specific business logic associated with the web application. Misconfiguration, cross-site scripting (XSS), authentication and session, exposure of sensitive data, and access control-type vulnerabilities in applications are just a few of the vulnerability types that the Cobalt team discovers.

API Pen Testing Service


APIs, short for application programming interfaces, have recently gained a lot of popularity among developers because they easily allow third-party programs to interact in a more efficient and easy way. Cobalt tests web based APIs, REST APIs, and mobile APIs. Cobalt pen testers analyze the target API to find out which authentication type is used. Cobalt pen testers study API structures, understand request methods, and understand responses. Per client instruction, they can use techniques which can be applied to endpoints and exploit bugs on a real production API or staging environments. By understanding structure, roles, and scopes the testers are able to find hidden weaknesses in your application.

Mobile Application Pen Testing Service


Mobile applications are becoming more and more popular which means that consumers and corporations find themselves facing new threats around privacy and insecure applications. Cobalt does testing for all mobile platforms including iOS, Android, and Windows. Cobalt’s pen testers go beyond looking at just API and web vulnerabilities to examine the risk of a mobile application leveraging OWASP methodologies to assess the security.

External Network Pen Testing Service


Cobalt can test external networks for any hosting service. Cobalt researchers will carry out the testing without detailed network or infrastructure diagrams and without any accounts or additional user information (unless required as part of the scope). At Cobalt, we follow a standard methodology based on OSSTMM for network penetration testing, which includes reconnaissance, service discovery, automatic, and manual pen testing. The External Network test can be limited to a specific IP range or also include more wide reconnaissance using OSINT (open-source intelligence).

AWS Pen Testing Service


AWS Pen Testing is a popular service, driven by the growth of Amazon Web Service capabilities. Cobalt’s AWS pen test is an exercise in which the Cobalt Core team of security researchers carries out an assessment over the Amazon-based cloud environment and all of its internal and external components. At Cobalt, we follow an industry standard methodology primarily based on Amazon’s CIS Security Standard and additional security testing methodologies such as ASVS and OWASP. We perform the following steps in order to ensure full coverage: target scope reconnaissance, component enumeration, automated component configuration assessment, automated and manual assessment of externally exposed services, architectural design analysis, reporting and remediation tracking.

Additional Pen Testing Services


Can't find what you're looking for? Reach out to learn about a more customized pen test engagement from micro engagements to continuous testing.