
Then & Now: One Year Pentesting at Cobalt with Arif

Arif (@payloadartist) joined the Core last April and shared his experience of how things have been for him at Cobalt for the past year.

How were you introduced to pentesting? How did you end up finding Cobalt? 

I was introduced to pentesting as a teenager, when I was fascinated with web security and hacking. At that time, I had no idea what I was doing, but I knew that if I were to do a job, this would be it. The beginning was difficult, of course. I’m sure a lot of us felt lost when the secrets of information security didn’t unfold in front of us nicely. The beginning for most people is mountains of research to hike through.

However, I continued to crave more from the information I found. I wanted to turn my passion into a profession, a way to get paid to ethically hack. The journey hasn’t been easy. It took time to engage with many clients, build long-lasting relations, and offer my consultation and advice to several organizations. This is how I was introduced to pentesting as a profession.

I have also been involved in bug bounty hunting. I constantly like to study new attack vectors and vulnerabilities, which is why I also made a resource for pentesters and bug bounty hunters where one can research particular types of security vulnerabilities through a large collection of write-ups on Bug Bounty Hunting.

Throughout my career, I’ve learned that I wanted more than the 9-5. I love challenges, so Cobalt appealed to me the most; it was the perfect thing for me.

I first came to know about the Core from someone who had already joined. All I knew back then was it is an exclusive community of the top pentesters across the globe. Naturally, I became curious about the platform.

What were your first impressions of the Cobalt platform?

Cobalt truly lives up to the promise of top-tier talent in pentesting, as was evident when I worked here. It also gives clients the ability to link up with great teams across the globe.

It's a game-changer for companies who have stuck to traditional pentesting services for years, which can be inefficient and expensive. The move towards a scalable, agile pentesting approach is essential for modern AppSec teams. Cobalt’s PtaaS model fixes the traditional 1-2 months-long process to plan and organize penetration tests. It allows you to take advantage of the immense power of the PtaaS software automation and a community of pentesters with diverse skills tailored to your application security needs. Cobalt is disrupting PtaaS; it is one of a kind. If you are looking for an upgraded and cheaper solution to traditional pentesting to deliver results at scale, look no further than Cobalt!

What was it like to use the platform from a pentester’s perspective? 

From the pentester perspective, Cobalt’s platform has been phenomenal. The platform is very intuitive and easy to use. It makes vulnerability management and pentest report writing a pleasant experience, rather than a repetitive task. Also, it gives me great satisfaction that our feedback for improvement reaches the right ears. Then the team continues to constantly improve the platform by adding more and more useful features.

In my honest opinion, Cobalt has revolutionized the process of traditional pentesting by improving the ease of workflow in its platform, covering all aspects of pentesting such as scoping, sharing critical information, vulnerability reporting, pentest report writing, and client interaction. 

What were the highlights from your first engagement?

The team members doubled up as mentors - my lead was very supportive. I am still in touch with my team lead; they are still here to offer me advice or assistance. 

What is Cobalt Core again? It's not the odd 9-5 job you do; Cobalt Core lives up to the true meaning of a close community. Your senior becomes a friend and mentor. There is no corporate politics in play here of the kind that people working at larger consultancies suffer daily, a notion that stifles the professional growth of people who experience it.

There was no stress during the first engagement; despite it being my first time at a new company, it was not a daunting experience. Instead, it was very smooth and pleasant. We made long-lasting bonds with each other as a team, and the client was also satisfied with one of my unique findings. What more could you ask for on a first engagement?

What new skills have you learned in the first few months at Cobalt?

My ability to work as a team has improved over my time here at Cobalt. My existing skills improved while learning in-depth about ingenious web application attacks during different engagements. Cobalt also helped me improve my report writing skills.

We never stop learning here. I learned plenty of stuff, like new approaches to manual application security testing, reconnaissance, enumeration, and so much from my teammates. If I could say one thing, I would stay here for the rest of my career just to learn from my fellow teammates who are exceptional researchers and team players.

How does it feel working with pentesters from around the world?

There's a lot of diversity and differences between cultures, but our community shares the common hacker culture. I got to meet people across the globe. Nationality isn't a factor amongst hackers; we share a culture of curiosity and taking things apart, which is common to us all!

What advice would you give to someone just joining the core?

Cobalt has very high expectations of you, don't let them down. Be a good team member, respect everyone the same, not just your leader. Respect every core member. Good teamwork is what makes up the “Core” part of a pentest. Also, stay up-to-date with recent attack vectors, don’t be afraid to get creative, and think out of the box - don’t just stick to a basic checklist.

About Cobalt
Cobalt provides Pentest Services via our industry-leading Pentest as a Service (PtaaS) platform that is modernizing the traditional, static penetration testing model with streamlined processes, developer integrations, and on-demand pentesters. The Cobalt blog is where we highlight industry best practices, showcase some of our top-tier talent, and share information that's of interest to the cybersecurity community.