The new funding will go towards expanding global usage and continuing development of the Cobalt platform, which pioneered the Pentest as a Service (PtaaS) model. Related reading: Why Pen Testing as a Service Yields a Better ROI. The company's growth accelerated in the first half of 2020, in spite of the global pandemic, with the company operating at breakeven. Customers can get started within 24 hours with Cobalt.io, using its vetted global network of pentesting experts, without the need for an on-site consultation. Each pentest report includes a detailed description and proof of concept for each finding; risk severity mappings and insight into the level of effort needed to remediate; positive findings that call out which of your existing security controls are effective; and descriptions, screenshots, and suggested fixes for vulnerabilities. Cobalt.io's PtaaS platform turns yesterday's broken pentest model into a data-driven vulnerability management engine. There is a wide array of knowledge one must acquire to even get started: programming languages, attack vectors, testing methods, frameworks that require hands-on experience, and, last but not least, how to reach application code that is obfuscated or encrypted. A modern pentest model should give an easy overview of all previous pentests and let businesses see trends and plan future testing; Cobalt's delivery model meets this need. For more on this phase, see 4 Tips for Keeping a Pen Test Methodology Successful. Reach out to learn about our pentesting service offerings. by Dan Kobialka • May 6, 2018. Cobalt's application security service brings you trusted and respected pentesters. This is also where the true creative power of the Cobalt Core domain experts comes into play.
Additionally, we provide data (Portfolio Coverage, Pen Test Frequency) from 75 survey respondents in security, management, operations, DevOps, product, and developer roles. With code-assisted, gray-box penetration testing, Cobalt's pentesters have access to the application's source code, which lets the team use the code alongside testing activities to gain a thorough understanding of the target application and improve the accuracy of the findings discovered during testing. Crowdsourced Pen Testing 101. At a glance: manage your company's vulnerabilities, get penetration-testing assessments, and go from find to fix. Cobalt.io focuses on SaaS, security, marketplaces, crowdsourcing, and freelancers. Cobalt.io, a penetration testing-as-a-service (PTaaS) platform provider, has raised $5 million in Series A funding from byFounders, eLab Ventures, DG … You pay a fixed price based on application size and testing frequency. To understand the need for a better pentest model, one needs to look at the traditional pentesting options. Active in Europe since 2003 as Highland Capital Partners and formally launched in 2012, Highland Europe has raised over €1 billion and has invested in companies such as Adjust, ContentSquare, GetYourGuide, Malwarebytes, MatchesFashion, NewVoiceMedia, Nexthink, Spot.io, WeTransfer, Wolt and Zwift. Espinoza uses the pentest program he has built at Cobalt.io as a detailed example of how you could structure your own program. As one of the world's leading penetration testing companies, we offer services customized to your testing needs. Highland Europe invests in exceptional growth-stage software and internet companies.
The consultancy structure means getting a pentest up and running is slow and cumbersome, and staffing is based on which testers in the team have spare capacity rather than on whether their expertise makes them suitable for a particular job. The information included in this report (Top 5 Vulnerabilities, 2017 vs. 2018 Vulnerability Types, Breakdown of Security Misconfiguration Vulnerabilities) is summary data from the pentests performed in 2018. Cobalt.io, Computer & Network Security, San Francisco, California, 7,760 followers. The Series B round was led by growth-stage experts Highland Europe, the global venture capital firm whose portfolio includes Malwarebytes, Nexthink, Adjust, ContentSquare and WeTransfer. With a globally distributed team and offices in San Francisco, Boston and Berlin, Cobalt is transforming pentesting by providing streamlined processes, developer integrations, and on-demand pentesters who have undergone rigorous vetting. This forced a rethink, leading the team to innovate its product as well as execute with impressive capital efficiency. Cobalt specializes in manual penetration testing services for web applications, mobile applications (iOS/Android), desktop applications, APIs, and external networks. Per client instruction, pentesters can apply their techniques to live endpoints and exploit bugs on a real production API or on an API in a staging environment; which one is in scope is a decision the client makes up front, since active exploitation against production carries availability and data-integrity risk. As one of the top penetration testing service providers, Cobalt offers a variety of security penetration testing services. Axel Springer SE is a German media company headquartered in Berlin. For instance, Cobalt pentesters discover vulnerabilities related to code tampering, reverse engineering, and extraneous functionality.
This runs counter to the increasingly globalized nature of today's workforce and security community, and prevents pentesters from working in a truly agile, collaborative way. Our network penetration testing methodology performs the following steps to ensure full coverage: target scope reconnaissance, component enumeration, automated component configuration assessment, automated and manual assessment of externally exposed services, architectural design analysis, and reporting and remediation tracking. "We need real-time insight." Each Cobalt Core pentester undergoes third-party identification and criminal background checks, an extensive technical interview process, and an objective skills assessment. APIs (application programming interfaces) have gained a lot of popularity among developers because they let third-party programs interact in an efficient and easy way. Ray Espinoza, Head of Security at Cobalt.io, shares his insights on how to build out a pentest program. We connect global security talent with businesses and their users by providing Penetration Testing as a Service via the Cobalt technology platform. Join some of the great clients we're proud to have helped. For this study, Dr. Wang conducted in-depth interviews with current Cobalt customers. February 2018 | https://cobalt.io. Cobalt was founded in 2013 by four Danish co-founders, Jacob Hansen, Esben Friis-Jensen, Jakob Storm and Christian Hansen, all self-identified outsiders to the security world. Caroline Wong sits down with Dr. Chenxi Wang to discuss her newest ROI research on Cobalt's Pen Testing as a Service (PtaaS) model. Cobalt pentesters analyze the target API to find out which authentication type is used.
Whether you align your pentesting with major feature releases or use it for periodic checkups, you can discover what kinds of vulnerabilities have slipped through your development process. By understanding structure, roles, and scopes, the testers are able to find hidden weaknesses in your application. Security misconfiguration, cross-site scripting (XSS), broken authentication and session management, sensitive data exposure, and broken access control are just a few of the vulnerability types that the Cobalt team discovers. "We were impressed with what Jacob and his co-founders have accomplished within such a short period, and believe in their vision to democratize access to the best cybersecurity talent in a transparent manner." Penetration testing is not easy. To help prioritize vulnerability fixes, Cobalt gives each finding a criticality rating based on impact and business context: the damage potential, reproducibility, exploitability, number of affected users, and discoverability of the finding (the five DREAD dimensions). "As someone who oversees security for a large and diverse portfolio of web applications, traditional pentesting simply cannot keep pace," said Henning Christiansen, Chief Information Security Officer of Axel Springer. The company plans to use the Series A funding to expand globally and invest in its PtaaS platform, according to a prepared statement.
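The page names the five rating dimensions but not the formula Cobalt applies to them. The block below is an added example, not Cobalt's code, that scores constructed findings on exactly those dimensions using the classic DREAD mean (each dimension rated 1 to 10). The severity bands and the damage gate at the end of criticality() are assumptions chosen for the example; they are there because a plain average rates a harmless but trivially discoverable issue as "High", which is the failure mode a practitioner hits first when adopting DREAD.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Finding:
    title: str
    damage: int            # damage potential if exploited
    reproducibility: int   # how reliably the exploit works
    exploitability: int    # how easy it is to exploit (10 = trivial)
    affected_users: int    # share of users or systems affected
    discoverability: int   # how likely an attacker is to find it


DIMENSIONS: Tuple[str, ...] = (
    "damage", "reproducibility", "exploitability",
    "affected_users", "discoverability",
)
SEVERITY_ORDER = ("Low", "Medium", "High", "Critical")


def dread_score(f: Finding) -> float:
    """Classic DREAD: unweighted mean of the five 1..10 ratings."""
    values = [getattr(f, d) for d in DIMENSIONS]
    for name, v in zip(DIMENSIONS, values):
        if not 1 <= v <= 10:
            raise ValueError(f"{name} must be in 1..10, got {v}")
    return sum(values) / len(values)


def criticality(f: Finding) -> str:
    """Map the score to a severity band, then apply an impact gate."""
    score = dread_score(f)
    if score >= 8.0:
        band = "Critical"
    elif score >= 6.0:
        band = "High"
    elif score >= 4.0:
        band = "Medium"
    else:
        band = "Low"
    # Assumed policy, not Cobalt's: a finding with negligible damage potential
    # cannot rate above Low however easy it is to find and reproduce. Without
    # this gate a plain average over-ranks informational issues, because
    # reproducibility and discoverability sit near 10 for almost all of them.
    if f.damage <= 3:
        band = "Low"
    return band


def prioritize(findings: List[Finding]) -> List[Finding]:
    """Order findings for remediation: by band first, then by raw score."""
    return sorted(
        findings,
        key=lambda f: (SEVERITY_ORDER.index(criticality(f)), dread_score(f)),
        reverse=True,
    )


# Constructed sample findings with illustrative ratings (not real pentest data).
SAMPLE_FINDINGS = [
    Finding("Reflected XSS in search parameter", 5, 10, 8, 6, 9),
    Finding("SQL injection in login form", 10, 9, 7, 10, 7),
    Finding("Verbose server version banner", 2, 10, 10, 3, 10),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE_FINDINGS):
        print(f"{criticality(f):8} {dread_score(f):4.1f}  {f.title}")
```

The banner finding averages 7.0, the same band as the XSS without the gate; the gate is what keeps the remediation queue ordered by what an attacker can actually do with the bug.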
Since 2013 we have been building a platform that can support a better pentest model, as well as a talented and vetted community of security researchers (the Cobalt Core). Contact: hello@cobalt.io; phone 415 651 7028. Fueled by a global talent pool of certified freelancers, Cobalt.io's SaaS pentest platform delivers real-time, actionable results that empower agile teams to pinpoint, track, and remediate software vulnerabilities, rather than providing the point-in-time snapshot of a traditional penetration test. "Organizations do business globally and digitally, yet traditional pentesting is delivered locally via a PDF," said Jacob Hansen, co-founder and CEO of Cobalt. "Actually, we've known for decades what the most pervasive technical problems are and how to address them. The much harder part is connecting with the right people who can do the technical security work, and delivering the results to the development team who can fix the vulnerability." Here at Cobalt, we've done over 1400 pentests to date. Cobalt pentests are on-demand, hacker-powered penetration tests performed by a certified pentester supported by handpicked Core pentesters. Once pentesting begins, Cobalt's platform logs issues as they arise.
Cobalt.io Credits unlock flexible pentest consumption, allowing businesses to start a pentest in 24 hours; Cobalt.io surpasses 500 customers, including HubSpot, Palo Alto Networks, and … From a customer's perspective, Cobalt's PtaaS approach opens up a global marketplace of talent, enabling pentesters to collaborate with one another and companies to easily locate specific expertise. Knowing your vulnerabilities and how attackers might exploit them provides insight you can use to improve your security posture. Cobalt's web application penetration testing service uses the Open Web Application Security Project (OWASP) Application Security Verification Standard (ASVS) and the OWASP Testing Guide, which together form a comprehensive framework for assessing the security of web-based applications, as the foundation of our web application assessment methodology. This vulnerability occurs when invalid user input… The State of Pentesting 2019. The Cobalt research pool contains a wide array of pentesters, from certified security professionals to highly skilled pentesters with deep domain expertise. "During a pentest we need flexibility and speed, which is what Cobalt gives us — in addition to connecting us to the best talent."
By providing an automated and collaborative environment for DevOps professionals to engage with cybersecurity experts, Cobalt is disrupting a critical part of the application security and compliance value chain. Every tester is thoroughly vetted; the small percentage of applicants accepted onto the platform undergo ongoing peer review to guarantee high-quality output. Assessment activities include identifying and exploiting existing vulnerabilities; a posture review and preparation to avoid false positives; verifying access, trust, controls, processes, configuration, property (information and data), exposure, quarantine measures, and survivability; and reviewing network segregation and privilege management. As the largest European media company, Axel Springer holds a large network of sensitive data and information that is crucial to keep secure. This allows the client to improve the security of their customers by surfacing and remediating the types of vulnerability that affect them most over time. Cobalt does testing for applications on all mobile platforms, including iOS, Android, and Windows. Cobalt's pentesters go beyond common API and web vulnerabilities to examine the risk of a mobile application, using the OWASP Mobile Top 10 and related methodologies to assess its security. No two applications are the same, so we bring the right combination of skills, performance, and experience based on your tech stack.
3 Key Factors for Improving a Pen Test: lessons learned from collecting and implementing feedback from over 300 pen … Cobalt is a fast-growing and globally distributed cybersecurity start-up with hubs in San Francisco, Boston, and Berlin. It's important to treat a pentest program as an ongoing process. We have Scandinavian roots, an American base and a global outlook. What you will take away from this talk: the 3 most common pentest pitfalls; leveraging the creative power of the elite crowd. With Pentest as a Service (PtaaS), Cobalt delivers on-demand, human-powered penetration testing services across a variety of application portfolios. Join the world's most collaborative pentester community. To ensure that its IT infrastructure is properly tested, Axel Springer chose to leverage Cobalt's Pen Testing as a Service platform. There are three big problems with the traditional pentesting model: As a result, most organizations only perform pentesting once or twice a year, despite hackers updating their arsenal of tools much more frequently, and under conditions which mean they're not getting the best value and not receiving readily actionable results. Server-side template injection (SSTI) is a vulnerability in which attacker-supplied input is embedded into a template's source and parsed by the template engine as template syntax, rather than being passed in as data for the template to render; the attacker can then execute template directives and, in most engines, reach the underlying language runtime and run commands on the server. Pentesting, also known as penetration testing, is a security assessment, an analysis, and a progression of simulated attacks on an application (web, mobile, or API) … With Cobalt, customers can build their pentest program in as little as five minutes and start a pentest in 24 hours.
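The SSTI definition above is the whole story in one sentence, so here it is as an added example, not code from Cobalt or from this page. To run without third-party packages the block uses a tiny stand-in engine (anything between {{ and }} is evaluated against the render context), which is an assumption: real engines such as Jinja2 or Twig have richer syntax, but the trust boundary is identical. The vulnerable function concatenates user input into the template source; the fixed one keeps the template constant and passes the input as context. detect_ssti() is the black-box probe a pentester sends: an arithmetic expression in several template syntaxes, looking for the evaluated result in the response instead of the literal payload. The api_key value is constructed for the example.

```python
import re
from typing import Callable, List

# Stand-in for a real template engine: everything between {{ and }} is
# evaluated as a Python expression against the render context.
_EXPR = re.compile(r"\{\{(.*?)\}\}")


def render(template: str, **context) -> str:
    def evaluate(match) -> str:
        # Builtins disabled and the context dict is the only namespace.
        # This is for readability, NOT a security sandbox.
        return str(eval(match.group(1).strip(), {"__builtins__": {}}, dict(context)))
    # Substitution happens once; substituted values are never re-parsed.
    return _EXPR.sub(evaluate, template)


# Constructed secret that the application exposes to its templates.
_TEMPLATE_CONTEXT = {"api_key": "constructed-key-0000"}


def greet_vulnerable(name: str) -> str:
    """VULNERABLE: user input becomes part of the template source, so the
    engine parses it as code and it can read anything in the context."""
    return render("Hello " + name + "!", **_TEMPLATE_CONTEXT)


def greet_fixed(name: str) -> str:
    """FIXED: the template is a constant; user input arrives as context
    data and is only substituted, never parsed."""
    return render("Hello {{ name }}!", name=name, **_TEMPLATE_CONTEXT)


# Probes in the form a pentester submits. If the response carries the
# evaluated result and not the literal payload, the input reached the parser.
PROBES = [
    ("{{7*7}}", "49"),     # Jinja2 / Twig / Nunjucks
    ("${7*7}", "49"),      # Freemarker / Velocity
    ("<%= 7*7 %>", "49"),  # ERB
]


def detect_ssti(endpoint: Callable[[str], str]) -> List[str]:
    """Return the probe payloads the endpoint evaluated."""
    hits = []
    for payload, expected in PROBES:
        try:
            body = endpoint(payload)
        except Exception:
            # A server error is worth recording in the report, but it is
            # not proof of evaluation, so it does not count as a hit.
            continue
        if expected in body and payload not in body:
            hits.append(payload)
    return hits


if __name__ == "__main__":
    print(greet_vulnerable("{{7*7}}"))        # Hello 49!
    print(greet_vulnerable("{{ api_key }}"))  # leaks the context secret
    print(greet_fixed("{{7*7}}"))             # Hello {{7*7}}!
    print(detect_ssti(greet_vulnerable), detect_ssti(greet_fixed))
```

Only the {{ }} probe fires against the stand-in engine, which is also the point of sending several syntaxes: the probe that evaluates tells you which engine you are talking to, and that determines the follow-on payloads.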
The network penetration testing methodology also allows for scoping: the external network test can be limited to a specific IP range, or it can include wider reconnaissance using OSINT (open-source intelligence). Experienced security professionals from industry-leading enterprise companies. Pentests are typically performed from a "black box" or "zero knowledge" perspective, meaning the pentesters have little or no prior knowledge of the implementation details of the in-scope target application (contrast the code-assisted gray-box option described above). It should be detail-oriented but concise. Mobile applications are becoming more and more popular, which means that consumers and corporations face new threats around privacy and insecure applications. Customers are globally distributed, with the US as Cobalt's largest market. In addition, Core pentesters provide detailed notes on recommended fixes, and if you have a question at any point you can easily communicate with them in real time. Explore Cobalt's 2018 Pen Test Metrics Report, which dives into data from over 350 penetration tests. Our pentesters have years of experience and a passion for finding vulnerabilities. API penetration testing is very similar to web application penetration testing, so the Cobalt API pentesting methodology is built on the same foundation: the OWASP Top 10, the OWASP ASVS, and the OWASP Testing Guide. Connecting the global application security community to enterprises.
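The page says twice that pentesters first analyze the target API to find out which authentication type is used, and here that the API methodology follows the OWASP foundation, but it does not show what that analysis looks like. The block below is an added example, not Cobalt's tooling, covering both passages: it infers the authentication scheme from the unauthenticated probe response (the RFC 7235 WWW-Authenticate challenge, a login redirect, or a bare 401) and records the follow-up observations a tester would carry into the rest of the engagement. The endpoint paths and responses are constructed for the example, not captured traffic.

```python
from typing import Dict, List, Tuple

# Constructed sample: (status, headers) returned to an unauthenticated GET
# against each endpoint of a hypothetical API.
SAMPLE_RESPONSES: Dict[str, Tuple[int, Dict[str, str]]] = {
    "/api/v1/orders": (401, {
        "WWW-Authenticate": 'Bearer realm="api", error="invalid_token"',
        "Content-Type": "application/json",
    }),
    "/admin/export": (401, {"WWW-Authenticate": 'Basic realm="internal"'}),
    "/api/v1/me": (302, {
        "Location": "/login?next=/api/v1/me",
        "Set-Cookie": "session=abc123; Path=/; HttpOnly",
    }),
    "/api/v1/reports": (401, {"Content-Type": "application/json"}),
    "/api/v1/export/all": (200, {"Content-Type": "text/csv"}),
}

_COOKIE_FLAGS = {"secure": "Secure", "httponly": "HttpOnly", "samesite": "SameSite"}


def classify_auth(status: int, headers: Dict[str, str]) -> str:
    """Infer the authentication type from an unauthenticated response."""
    h = {k.lower(): v for k, v in headers.items()}
    challenge = h.get("www-authenticate", "")
    scheme = challenge.split(None, 1)[0].lower() if challenge else ""
    if status == 401 and scheme == "bearer":
        return "bearer-token"        # OAuth 2.0 / JWT style
    if status == 401 and scheme == "basic":
        return "http-basic"
    if status == 401 and scheme == "digest":
        return "http-digest"
    if status == 401:
        return "custom-or-api-key"   # 401 without an RFC 7235 challenge
    if status in (301, 302, 303, 307, 308) and "login" in h.get("location", "").lower():
        return "cookie-session"      # browser-style redirect to a login page
    if status == 200:
        return "none"                # served without any authentication
    return "unknown"


def notes_for(path: str, status: int, headers: Dict[str, str]) -> List[str]:
    """Observations to carry into the test plan; not findings by themselves."""
    h = {k.lower(): v for k, v in headers.items()}
    kind = classify_auth(status, headers)
    out: List[str] = []
    if kind == "none" and not path.endswith("/health"):
        out.append("served without authentication; confirm this is intended "
                   "(OWASP API Top 10, API2 Broken Authentication)")
    if kind == "http-basic":
        out.append("HTTP Basic: credentials are only base64-encoded; confirm TLS "
                   "is enforced and test for brute-force limits")
    if kind == "bearer-token":
        out.append("Bearer token: test signature, expiry and audience validation, "
                   "and token reuse across tenants")
    if "set-cookie" in h:
        cookie = h["set-cookie"].lower()
        for flag, label in _COOKIE_FLAGS.items():
            if flag not in cookie:
                out.append(f"session cookie lacks {label} attribute")
    return out


def audit(responses: Dict[str, Tuple[int, Dict[str, str]]]) -> Dict[str, Tuple[str, List[str]]]:
    """Map each endpoint to (auth type, follow-up notes)."""
    return {path: (classify_auth(s, hd), notes_for(path, s, hd))
            for path, (s, hd) in responses.items()}


if __name__ == "__main__":
    for path, (kind, notes) in audit(SAMPLE_RESPONSES).items():
        print(f"{path:22} {kind:18} {'; '.join(notes)}")
```

The 200 from /api/v1/export/all is the line a tester reads first: an endpoint that serves data to an anonymous client is either a deliberate public resource or a missing authorization check, and only the client can say which.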
Over the past four years, Cobalt has conducted thousands of pentests; its annual testing figures are doubling year on year, and its rate of growth is increasing. How Axel Springer Leverages Continuous Pen Testing. Gajan Rajanathan joins the board from Highland. What exactly is a crowdsourced pen test and what's different about it? The platform visualizes findings on a dashboard and connects seamlessly to development tools such as JIRA, so developers can quickly take action on any finding and notify pentesters, creating a dynamic, real-time feedback loop.
Cobalt raises $5M in Series A funding to fuel growth of its Pen Testing as a Service platform. Clockwise from top left: Esben Friis-Jensen, Jacob Hansen, Christian Hansen, and Jakob Storm. About the report team: Caroline Wong and Mike Shema. Highland's collective history of investments across the US, Europe and China includes 46 IPOs and 19 billion-dollar-plus companies. With specialized consultancies, skills are mostly accessible at the local level; the Cobalt.io platform raises the bar and reduces the time to start testing from 2-4 weeks to as little as 24 hours. The industry doesn't need another cool tool, it needs … While automated cybersecurity screening is important, systematic security checks require human ingenuity and rigorous compliance reviews. Failure to patch known vulnerabilities can lead to headline-making breaches such as the Equifax data breach. Continuous learning, including security conferences such as Defcon and Blackhat, is key when testing products against the latest attack vectors. Anyone who tells you hacking is easy is misguided; at the same time, the story that the hardest part of pentesting is hacking the software misses the point made above, that the harder part is connecting the right people and delivering results to the team that can fix them. For network testing we follow a standard methodology based on the Open Source Security Testing Methodology Manual (OSSTMM) 3. Cobalt tests web-based APIs, REST APIs, and mobile APIs; pentesters study API structures, understand request methods, and understand responses. Pentest engagements range from micro engagements to continuous testing, and Cobalt tests external networks for any hosting service. Cobalt.io's Pen Testing Metrics report draws on data from hundreds of pentests and application security programs, including program-level and engagement-level survey data.