REPORT
The 25x Remediation Gap: See how elite security teams resolve risks in 10 days vs. 249

Blogs

Thoughts, perspectives, and industry commentary from the Cobalt team.

Generating Actionable Pentest Results with PTaaS

December 29, 2021
Est Read Time: 3 min
Pentesting requires companies to do more than simply receive a report at the end of the test.
Modernizing Pentesting

Types of Security Risks that Threaten Schools

December 20, 2021
Est Read Time: 3 min
Data security is a high priority across industries. This includes the education sector where confidential files and...
Cybersecurity Insights Modernizing Pentesting

Top Holiday Gifts for Programmers, Coders, and Engineers

December 14, 2021
Est Read Time: 4 min
Looking for the next great gift to give a special computer wizard in your life? We’ve got you covered!
Life at Cobalt

Pentesting vs DAST: What is Your DAST Tool Missing?

December 3, 2021
Est Read Time: 2 min
The uptick in technology and a digital-first approach to business provides many benefits. However, it also creates...
Cybersecurity Insights Modernizing Pentesting

Pentester Diaries Ep.10: Journey into Reverse Engineering and Exploit Development

November 30, 2021
Est Read Time: 4 min
Pentester Diaries Ep.10: Journey into Reverse Engineering and Exploit Development On this episode of Pentest Diaries,...
Cobalt Core

What Is Sensitive Data?

November 22, 2021
Est Read Time: 3 min
With large amounts of data processed each day by IT systems and networks, it’s imperative that organizations know how...
Cybersecurity Insights

How to Perform Azure Pentesting

November 17, 2021
Est Read Time: 3 min
Companies are benefiting from an increasing supply of cloud services. The ability to outsource features and functions...
Cloud Security

History of Pentest as a Service (PTaaS)

November 17, 2021
Est Read Time: 3 min
The beginning of computers and technology transformed the world as we know it, creating new opportunities as early as...
Modernizing Pentesting

From Bug Hunter to Pentester: Exploring the differences between these two careers

November 16, 2021
Est Read Time: 8 min
In the following blog, I will talk about how I transitioned from a Bug Bounty Hunter to a Pentester. We will be...
Cobalt Core

Practical Advice on Good API Design

November 14, 2021
Est Read Time: 6 min
When designing a good API, always start with requirements. Before writing a single line of documentation, do as much...
Modernizing Pentesting API Pentesting

Getting Started With Cobalt

November 9, 2021
Est Read Time: 2 min
Hey everyone, Mike Jang from Cobalt here. I’m a Staff Technical Writer, and I’m announcing the release of our first...
Product Updates

DevOps Best Practices

November 8, 2021
Est Read Time: 2 min
The terms ‘DevOps’ and ‘DevSecOps’ are often used interchangeably, with the emphasis on security in...
DevSecOps

What is Web Application Penetration Testing?

November 2, 2021
Est Read Time: 3 min
Web application pentesting is the best method of discovering flaws in web applications. Otherwise known as penetration...
Modernizing Pentesting Web Application Pentesting

Adding clarity in the murky world of vulnerability risk

October 31, 2021
Est Read Time: 3 min
With a sea of information available to most modern security practitioners, actions need to be based on high quality...
Product Updates

Winning the Security Budget Fight With Tips From Security Executives

October 27, 2021
Est Read Time: 4 min
Are you preparing for next year's security budget? Budget negotiations can be pivotal in guaranteeing the right...
Cybersecurity Insights

Network Pentesting: Security Benefits & Solutions

October 19, 2021
Est Read Time: 2 min
Cyberattacks have plagued organizations for decades. As the world continues to adjust to the global pandemic, many are...
Modernizing Pentesting

Importing Findings Into DefectDojo With the Cobalt API

October 14, 2021
Est Read Time: 6 min
Make sure to check out our Integrations page for more info! At Cobalt, we aim to make security easier. We have covered...
Product Updates Modernizing Pentesting API Pentesting

Pentester Diaries Ep.9: Talking Certifications with Heath Adams

October 8, 2021
Est Read Time: 5 min
Pentest Diaries Ep.9: Talking Certifications with Heath Adams Welcome and happy Cybersecurity Awareness Month!
Cobalt Core

How Does Penetration Testing Differ from a Vulnerability Assessment?

October 7, 2021
Est Read Time: 4 min
This article was refreshed in January 2023.
Modernizing Pentesting

PTaaS and Bug Bounty: Which to Choose for Security Testing

September 30, 2021
Est Read Time: 4 min
Fixing vulnerabilities is an important part of reducing an application’s overall risk to remain well-protected over...
Modernizing Pentesting

How to Achieve SOC 2 Type 2 Compliance

September 19, 2021
Est Read Time: 2 min
Back in May 2020, Cobalt achieved their SOC 2, Type 1 compliance and is excited to say it is now SOC 2 Type 2 compliant...
Compliance

Pentest Diaries Ep.8: Android Pentesting

September 17, 2021
Est Read Time: 6 min
Pentest Diaries Ep.8: Android Pentesting Highlights In this edition of Pentest Diaries, we had the opportunity to sit...
Cobalt Core Mobile Application Pentesting

From CSRF and File Upload to RCE - JAVA

September 16, 2021
Est Read Time: 6 min
I have come across many interesting vulnerabilities throughout my offensive security career. In this post, I would like...
Cobalt Core Vulnerabilities

Terraform, The Less-Common Commands And Options

September 14, 2021
Est Read Time: 5 min
This post was originally published on cloudlad.io
Cybersecurity Insights

Pentesting for the Merger & Acquisition Sector: Cybersecurity Due Diligence

September 13, 2021
Est Read Time: 4 min
Mergers and acquisitions (M&A) are a main driver of growth for many organizations, with the main objective of...
Cybersecurity Insights

Introducing Cobalt’s Chief Information Security Officer: Andrew Obadiaru

September 10, 2021
Est Read Time: 2 min
With 20+ years in the security and technology industry and a history of managing and mitigating risk across changing...
Life at Cobalt

Cobalt Named to Quartz Inaugural List of Best Companies for Remote Workers

September 9, 2021
Est Read Time: 2 min
We are excited to announce that today Quartz unveiled its inaugural list of the best companies for remote workers, and...
NEWS

How Pentesting Differs from Ethical Hacking

August 31, 2021
Est Read Time: 3 min
Pentesting and ethical hacking consist of two similar, but very different cybersecurity practices.
Cybersecurity Insights

Get to Know Veera Pennala, Cobalt's Account Executive

August 23, 2021
Est Read Time: 2 min
Welcome, Veera! Tell us a bit about yourself and where you're based. I’m Veera, an Account Executive at Cobalt. I’m...
Life at Cobalt

iOS Pentesting 101

August 20, 2021
Est Read Time: 15 min
It is no secret that mobile devices are on the rise. According to the first-quarter 2021 Nielsen Total Audience Report...
Mobile Application Pentesting Vulnerabilities

DevSecOps: Types Of Testing

August 18, 2021
Est Read Time: 4 min
“The ‘Sec’ in DevSecOps can be the Robin to your DevOps Batman — a trusty sidekick providing continuous backup.” -...
DevSecOps

Inc. Magazine Reveals Annual List of America’s Fastest-Growing Private Companies—the Inc. 5000

August 17, 2021
Est Read Time: 2 min
We are excited to announce that today, Inc. magazine revealed its annual list of America’s fastest growing private...
NEWS Life at Cobalt

Cobalt Platform Deep Dive: Customize Your Pentest Reports per Your Needs

August 16, 2021
Est Read Time: 2 min
All organizations that have undergone a pentest understand the importance of a pentest report. Pentest (PT) reports are...
Product Updates

Pentester Spotlight: Prateek Gianchandani

August 16, 2021
Est Read Time: 7 min
Prateek Gianchandani has been a part of the Cobalt Core since 2019. He is one of the 400+ pentesters worldwide who has...
Cobalt Core

Pentester Diaries Ep7: Tips for Communicating with Customers

August 12, 2021
Est Read Time: 15 min
Welcome back to Pentester Diaries. In this episode, Cobalt’s Grahame Turner interviews Core pentester Stefan Nicula on...
Vulnerabilities

Q2 Changelog 

August 4, 2021
Est Read Time: 1 min
CX-INTEGRATIONS
Product Updates

451 Research Takes a Close Look at Cobalt in Latest Report

August 3, 2021
Est Read Time: 2 min
Analysts at 451 Research are lauded for their data-driven, global insights. For anyone who isn’t familiar with this...
NEWS

Cobalt joins the German Cyber Security Council e.V.

August 1, 2021
Est Read Time: 1 min
Organizations around the world are facing an unprecedented volume of cyberattacks, and therefore the security and...
NEWS

Launch Into Getting to Know the Cobalt Core

July 29, 2021
Est Read Time: 3 min
3… 2… 1… It takes the force of a multifaceted team to reach a milestone, whether it’s launching a rocket to the moon or...
Cobalt Core

Importing Pentest Analytics to Google Data Studio with the Cobalt API

July 26, 2021
Est Read Time: 3 min
Make sure to check out our Integrations page for more info! Last time we talked about how to import data into Google...
Modernizing Pentesting API Pentesting

Outcomes of Hackathons at Cobalt

July 16, 2021
Est Read Time: 5 min
This post is the third in a series of three posts about hackathons at Cobalt. Read the first post, Why we do hackathons...
Life at Cobalt

Average Cost of a Pentest

July 14, 2021
Est Read Time: 3 min
With so many cyber attacks occurring around the world, cybersecurity continues to grow in importance for companies....
Modernizing Pentesting

How We Run Hackathons at Cobalt

July 13, 2021
Est Read Time: 5 min
This post is the second in a series of three posts about hackathons at Cobalt. Read the first one "Why We Do Hackathons...
Life at Cobalt

Spotlight on Engineering | Encoding Customer Experience

July 13, 2021
Est Read Time: 3 min
Cobalt’s Customer Experience (CX) is split into three teams aimed at creating delightful experiences for our customers...
Life at Cobalt

Pentester Spotlight: Dhiraj Mishra

July 11, 2021
Est Read Time: 5 min
Dhiraj Mishra is one of the 350+ Core pentesters worldwide who has contributed to the over 6000 Cobalt pentests. We had...
Cobalt Core

Get to Know Marion Sornette, Cobalt's Sr. Customer Success Manager

July 7, 2021
Est Read Time: 1 min
Welcome, Marion! Tell us a bit about yourself and where you're based. I grew up near Toulouse in the South West of...
Life at Cobalt

The State of Pentesting 2021: Common Vulnerabilities, Findings, and Why Teams Struggle With Remediation

June 29, 2021
Est Read Time: 2 min
Each year, we publish The State of Pentesting report to provide a detailed overview of vulnerabilities and identify the...
Modernizing Pentesting

DevSecOps: A Modern Approach to Security

June 25, 2021
Est Read Time: 4 min
In the modern world, cybersecurity or lack thereof impacts almost every industry.
DevSecOps

Pentester Diaries Ep6: The Importance of Report Writing

June 24, 2021
Est Read Time: 18 min
Welcome back to Pentester Diaries. In this episode, longtime Core member and Cobalt Research Manager, Robert Kugler...
Vulnerabilities

Why We Do Hackathons at Cobalt

June 23, 2021
Est Read Time: 2 min
Create a culture of innovation At Cobalt, we want to create a culture of innovation. We started off very well in 2013...
Life at Cobalt

Parameter Tampering Vulnerability Using 3 Different Approaches

June 21, 2021
Est Read Time: 4 min
With the growing number of online transactions increasing, it is clear that payment security is crucial. I have created...
Vulnerabilities

Pentester Spotlight: Alex Moraga

June 16, 2021
Est Read Time: 7 min
Alex Moraga has been a part of the Cobalt Core since 2015. Over the course of his seasoned pentesting path, he has...
Cobalt Core

Announcing SOC 2 Type II Certification: Reinforcing our Commitment to Security

June 9, 2021
Est Read Time: 2 min
We are delighted to share the news that Cobalt is now SOC 2 Type II certified!
NEWS

Getting Started with Android Application Security

June 7, 2021
Est Read Time: 13 min
Security has always been a major concern for businesses, and this concern is even greater when it comes to mobile...
Mobile Application Pentesting Vulnerabilities

Cobalt API: Import Your Findings to Google Sheets

June 6, 2021
Est Read Time: 8 min
Make sure to check out our Integrations page for more info! Last week we announced the launch of the Cobalt API—a...
Cybersecurity Insights

What's Included in Pentest as a Service?

June 4, 2021
Est Read Time: 4 min
Pentest as a Service (PTaaS) brings together the human ingenuity of pentesting with the efficiency of a SaaS product.
Modernizing Pentesting

Pentester Diaries Ep5: Understanding Severity Ratings

June 2, 2021
Est Read Time: 12 min
Welcome back to Pentester Diaries, a podcast series that aims to take off the hacker hoodie and have a real...
Vulnerabilities

Cobalt Launches Public API to Further Modernize Pentesting

June 1, 2021
Est Read Time: 4 min
We are thrilled to announce the launch of the Cobalt API. As of today, customers can easily integrate data on their...
Product Updates API Pentesting

Mapping Cyberattacks to Maslow's Hierarchy of Needs

May 28, 2021
Est Read Time: 5 min
Maslow’s Hierarchy of Needs outlines the theory that human needs exist in a hierarchical structure. The hierarchy...
Cybersecurity Insights

How e-Commerce Stores Prepare for a PCI-DSS Audit

May 18, 2021
Est Read Time: 4 min
Website compliance can be a challenge. With so many different frameworks, ranging from privacy regulations to broader...
Compliance

How to Write an Effective Pentest Report: Vulnerability Reports

May 17, 2021
Est Read Time: 9 min
The pentest process is not limited to executing various test cases to identify security vulnerabilities. It is a...
Vulnerabilities

Pentester Spotlight: Valerio Brussani

May 17, 2021
Est Read Time: 5 min
Valerio Brussani joined the Cobalt Core, our highly-experienced, geographically-diverse community of pentesters, in...
Cobalt Core

What is the Purpose of Pentesting?

May 13, 2021
Est Read Time: 3 min
The primary purpose of pentesting is to perceive your business through the eyes of an attacker and proactively thwart...
Modernizing Pentesting

Cobalt Named to Inc. Magazine’s Annual List of Best Workplaces For 2021

May 12, 2021
Est Read Time: 1 min
I am thrilled to say that Cobalt has been named to Inc. magazine’s annual list of the Best Workplaces for 2021. The...
NEWS

Pentester Diaries Ep4: Beyond Security Hygiene

May 12, 2021
Est Read Time: 15 min
Welcome back to Pentester Diaries, a podcast series that aims to take off the hacker hoodie and have a real...
Vulnerabilities

Cobalt Platform Deep Dive: Scoping Pentests Based on Asset Size and Coverage

May 3, 2021
Est Read Time: 3 min
This blog post is part of an ongoing series in which members of the Cobalt product team provide deep dives into...
Product Updates

IaC Pipelines With Terraform And Cloud Build

May 2, 2021
Est Read Time: 8 min
“Today, most software exists, not to solve a problem, but to interface with other software.” — IO Angell In this blog...
Cybersecurity Insights

Meet Engineering Halfway: How Pentest as a Service Speeds Up Remediation

April 28, 2021
Est Read Time: 3 min
Getting your pentests done is half the battle. Arguably the most important step is what comes after — fixing the...
Modernizing Pentesting

Spotlight on Engineering: Tips From Our Hiring Team on How To Nail Our Interviews

April 26, 2021
Est Read Time: 5 min
We’ve said it before, we’ll say it again — Cobalt is scaling crazy fast! Over the next year our Engineering team is...
Life at Cobalt

How to Maintain ISO 27001 Certification

April 23, 2021
Est Read Time: 4 min
Organizations need to cultivate a culture and Information Security Management Systems (ISMS) to allow compliance with...
Compliance

Pentester Diaries Ep3: Time Management & Pentest Organization

April 21, 2021
Est Read Time: 22 min
Welcome back to Pentester Diaries, a podcast series that aims to take off the hacker hoodie and have a real...
Cobalt Core

How to Identify the Different Types of Malware

April 16, 2021
Est Read Time: 3 min
Cyberattacks continue to rise, with the level of sophistication of the attacks growing as businesses and organizations...
Cybersecurity Insights

Scheduling Pentests in Minutes: How The Cobalt Platform Saves Teams Valuable Time

April 14, 2021
Est Read Time: 2 min
Here’s a breakdown of the steps security teams have to take to schedule a pentest via traditional vendors. Notice that...
Product Updates

Pentester Spotlight: Martina Matarí

April 8, 2021
Est Read Time: 6 min
Martina Matarí joined the Cobalt Core, our highly-experienced, geographically-diverse community of pentesters, in 2020....
Cobalt Core

Changelog — March 2021

April 7, 2021
Est Read Time: 1 min
It's been a while since our last Changelog post. We've been hard at work to push some bigger changes to the Cobalt...
Product Updates

On-Demand, Streamlined, Interactive: SANS Reviews Our Pentest as a Service Platform

April 6, 2021
Est Read Time: 2 min
Traditional pentesting still raises numerous operational challenges for agile and fast-paced companies. We surveyed 165...
Modernizing Pentesting

CISOs Assemble: Shaping a Security Strategy

April 5, 2021
Est Read Time: 4 min
Cybersecurity Insights

Pentester Diaries Ep2: 2FA Bypass Techniques

April 1, 2021
Est Read Time: 17 min
Welcome back to Pentester Diaries, a podcast series that aims to take off the hacker hoodie and have a real...
Cobalt Core

Understanding the CVSS Base Score: An Essential Guide

April 1, 2021
Est Read Time: 5 min
A company is only as secure as its software. Any time a business introduces new technology into operations, sensitive...
Cybersecurity Insights

What is Cybersecurity Maturity Model Certification (CMMC)?

March 25, 2021
Est Read Time: 4 min
Addressing cyber threats in any organization remains critical. Threats such as ransomware, phishing, and Trojans have...
Compliance

Cobalt Platform Deep Dive: Pentest Coverage Checklist

March 23, 2021
Est Read Time: 2 min
This blog post is part of an ongoing series in which members of the Cobalt product team provide deep dives into...
Product Updates DevSecOps

Cobalt’s Pentest Maturity Model: Which Level Are You?

March 23, 2021
Est Read Time: 3 min
The modern business world constantly faces digital threats. With companies facing these continuous threats,...
Cybersecurity Insights

Spotlight on Engineering: A Sneak Peek Into Cobalt's Engineering Teams

March 22, 2021
Est Read Time: 2 min
Over the past 7 years, Cobalt has evolved from a four-man startup into a provider of a leading Pentest as a Service...
Life at Cobalt

Crowdsourced Penetration Testing: PTaaS and PCI DSS Compliance

March 20, 2021
Est Read Time: 5 min
Various regulatory requirements that are lurking across different industries — involving different aspects of...
Compliance

Anatomy of the Session Management Tests

March 19, 2021
Est Read Time: 6 min
Note: This article has been created in light of the OWASP standards and descriptions.
Cobalt Core Vulnerabilities

Pentester Diaries Ep1: Understanding Business Logic

March 11, 2021
Est Read Time: 22 min
We are excited to share the first episode of a new podcast series, Pentester Diaries.
Vulnerabilities

Pentester Spotlight: Andreea Druga

March 4, 2021
Est Read Time: 7 min
Andreea Druga is a pentester with over six years of experience in the security arena with a master's degree in IT&C...
Cobalt Core

Got Cookies? Exploring Cookie Based Authentication Vulnerabilities in the Wild

March 2, 2021
Est Read Time: 6 min
Cookies are a widely used way to enable authentication in many of the applications out there. Over time, there has been...
Vulnerabilities

A Pentester’s Guide to File Inclusion

February 19, 2021
Est Read Time: 4 min
Read the Pentester’s Guide to File Inclusion for key insights into this common vulnerability.
Cobalt Core Vulnerabilities

Scope Based Recon Methodology: Exploring Tactics for Smart Recon

February 16, 2021
Est Read Time: 10 min
Reconnaissance (aka Recon) is an essential process in pentesting, especially Black Box Pentesting, where you don't have...
Vulnerabilities

Business Cost of Cybercrime

February 11, 2021
Est Read Time: 8 min
Businesses around the world have faced a lot of challenges this past year.
Cybersecurity Insights

Pentester Spotlight: Jesus Arturo Espinoza Soto

February 11, 2021
Est Read Time: 4 min
How curiosity led a PHP programmer to web hacking and a collaborative pentest community of technology tinkerers. Jesus...
Cobalt Core

How to Communicate the Business Impact of Vulnerabilities

February 8, 2021
Est Read Time: 3 min
You’ve discovered a new vulnerability in your infrastructure. If you’re lucky, it’s something you can handle without...
Cybersecurity Insights

A Pentester’s Guide to WebSocket Pentesting

February 5, 2021
Est Read Time: 4 min
What is WebSocket Hijacking? As OWASP states, the HTTP protocol only allows one request/response per TCP connection....
Web Application Pentesting Vulnerabilities

Prevent Whaling Phishing Attacks with Cybersecurity Awareness

January 29, 2021
Est Read Time: 5 min
Although whale phishing isn’t anything new and has existed since the early 90s, the FBI reports an increase in cyberattacks...
Cybersecurity Insights Cybersecurity Services

Bypassing the Protections — MFA Bypass Techniques for the Win

January 27, 2021
Est Read Time: 6 min
Multi-Factor Authentication (MFA), often known as Two-Factor Authentication (2FA), is an added layer of protection added...
Vulnerabilities

A Pentester’s Guide to Code Injection

January 8, 2021
Est Read Time: 3 min
Learn about code injection vulnerabilities with the Pentester’s Guide to Code Injection.
Cobalt Core Vulnerabilities

Top Ten Famous Hackers

January 5, 2021
Est Read Time: 10 min
*This article was refreshed in January 2023. The top hackers in the world come from different backgrounds and...
Cybersecurity Insights
