NEW FEATURE
Cobalt PtaaS + DAST combines manual pentests and automated scanning for comprehensive application security.

StartEngine Leverages Cobalt's Penetration Testing to Meet Regulatory Standards

StartEngine manages cyber risk with Cobalt's Pentest as a Service platform.

StartEngine is a well-known platform for equity crowdfunding, providing an opportunity for regular individuals to invest in emerging businesses and companies in their early stages. The platform allows businesses from different industries to gather funds from the public. The primary goal of StartEngine is to make capital more accessible, empowering entrepreneurs to directly raise funds from their customers or the general public, while also offering individuals the chance to invest in non-public companies. To date, StartEngine has successfully assisted numerous companies in raising more than $1.1 billion.

Penetration testing is of great importance for companies like StartEngine to protect their digital resources and customer data against possible cyber threats. StartEngine, being a crowdfunding platform, deals with confidential financial details from both investors and companies in search of investments.

“I like how modern and easy to use the interface is. It’s a big selling point and just handy to have an intuitive tool to use.”

Cameron Ehrlich, Principal Engineer

Challenges

Vendor Selection: StartEngine struggled to find a single, suitable vendor for conducting pentests on web and mobile applications.

Depth of Testing: It was critical that StartEngine find a provider for comprehensive pen testing, covering all system aspects.

Regulatory Compliance: They faced a challenge in ensuring their infrastructure met SEC and FINRA security standards.

Results

Comprehensive Testing: Cobalt provided detailed pen tests for web and mobile applications, identifying security issues and suggesting fixes.

Efficient Management: Cobalt's platform enabled efficient management and prioritization of pen test findings, as well as retesting.

Reusable Assets: StartEngine was grateful for the ability to reuse assets for multiple pen tests, saving setup time.

Preemptive security was StartEngine's primary concern. They wanted to prevent any unauthorized access to their systems that could lead to a data breach. Regular pen tests were a key part of their strategy to achieve this. They saw the value in regular pen testing and planned to conduct tests twice a year. Working with a reliable provider like Cobalt was part of their long-term security strategy. 

Finding a suitable vendor for conducting pen tests on web and mobile applications was a struggle. They also had difficulty finding a provider that could offer comprehensive pen testing, covering all aspects of their system. Ensuring their infrastructure met SEC and FINRA security standards was another significant challenge.

“Having access to your team is super helpful. We’re able to ask questions along the process rather than waiting until later.”

JAY PATEL, QA ENGINEER

Cobalt was able to provide detailed pen tests for web and mobile applications, identifying security issues and suggesting fixes. Cobalt’s platform enabled efficient management and prioritization of pen test findings. StartEngine also appreciated the ability to reuse assets for multiple pen tests, which saved them valuable setup time, and the ability to retest immediately after remediation. They found it helpful to have access to Cobalt's team for support and to answer any questions they had during the process. Cobalt's ability to start the pen tests quickly after the contract was completed was another aspect that StartEngine found beneficial.