Cobalt Penetration Testing Methodologies

By default, our pentesters test for industry standard vulnerabilities from:

• Open Web Application Security Project (OWASP).
  • Includes different “Top 10” lists for web, API, mobile, and cloud systems.
• Open Source Security Testing Methodology Manual (OSSTMM) (PDF).
  • Used for internal and external networks.

For more information on how we pentest, refer to the detailed pages associated with your asset.

• Web
• API
• Mobile
• Internal Network
• External Network
• Cloud
• Desktop
• Azure AD

In most cases, the Methodology is fixed, based on the Asset Type you defined earlier. However, if you selected a combined asset type, such as Web + API, you can limit the test to either of the individual methodologies:

Review the methodology for your asset, from the links shown earlier. Each methodology includes default requirements based on standards such as:

• OWASP
• OSSTMM

You’re welcome to include additional requirements.

Next, you’ll want to set up and share Test Credentials for your pentesters.