Cobalt Crowdsourced Application PentestCobalt Crowdsourced Application PentestCobalt Crowdsourced Application Pentest

Your Global Handpicked Application Security Team

No two applications are the same, so we take care to bring just the right combination of skills and experience to yours.

  • 15200Bugs
  • 417Security Programs
  • 3332Years of Hacking
  • 127Countries

Certified Researchers

Security professionals with a recognised certification such as CISSP. We always include one certified researcher on all of our Cobalt Pen Test engagements.

Bug Bounty Hunters

Typically self-taught security researchers with solid pen testing skills from participating in top bug bounty programs. Highly motivated and always ready for a new challenge.

Domain Experts

These are highly skilled researchers with deep domain expertise who would typically be at the level of making presentations at various security conferences.

Our Vetting Process

Icon  bug blue

1Get Invited

To become eligible for the Core team a security researcher needs firstly to be invited by either a customer or another Core researcher.


We then review and vet individual applications for achievement and experience.

3Deliver Value

Finally, a potential Core researcher needs to deliver significant value to at least one of the programs they get invited to while in the trial period.


Once admitted, new Core researchers are measured continuously via our internal reputation system, Rep, as well as score highly on our quality system, derived from customer feedback. Only the top 5% of researchers make it into our Core team.