Q: Why Should I Use Cobalt?
A: At Cobalt, we believe that modern applications deserve something better than generic vulnerability scanners and overpriced penetration testing consultants. We have built a best-in-class SaaS platform that provides on-demand pentesting by connecting you to top application pentesters around the world.
Q: How is Cobalt different from traditional penetration test models?
A: There are two main characteristics that set us apart from traditional penetration testing models: (1) we source our pentesters from a large global talent pool of vetted freelancers, which means we can be agile without compromising quality or increasing price, and (2) we deliver all the reporting and communication through a modern online platform, making it easier for you to collaborate continuously with the pentesters and integrate seamlessly with your SDLC.
Q: What types of applications can be tested?
A: Our vetted and trusted group of pentesters, called Cobalt Core, is highly experienced in doing assessments and penetration testing of web applications, mobile applications, web APIs, external networks, and Amazon Web Services. If your application does not fall into these categories, we’re still happy to have a chat and see if we can help.
Q: Can you help with PCI, HIPAA, and SOC-2 compliance?
A: We can fulfill the penetration test requirements for most compliance needs, including vendor assessments, PCI, HIPAA, SOC-2, etc. Schedule a demo to get more insight into the certifications we can help you with.
Q: Does Cobalt offer other security services beyond pentesting?
Q: Do you offer pentests outside of compliance requirements?
A: Yes. Cobalt offers pentesting that can go beyond fulfilling compliance obligations. Cobalt buckets pentests into two offerings: Comprehensive Pentesting and Agile Pentesting. Comprehensive Pentesting encompasses all vulnerability categories across an asset. Primary use cases include compliance testing, customer requests, and M&A due diligence. Agile Pentesting has a targeted scope focused on a specific piece of an asset or a specific vulnerability across an asset. Primary use cases include new release testing, delta testing, exploitable vulnerability testing, single OWASP category testing, and microservice testing.