Cobalt Methodologies

An overview of Cobalt methodologies.

Cobalt pentesters follow specific methodologies for different test and asset types.

By default, our pentesters test for industry standard vulnerabilities from:

Open Web Application Security Project (OWASP).
- Includes different “Top 10” lists for web, API, mobile, AI/LLM, and cloud systems.
Open Source Security Testing Methodology Manual (OSSTMM) (PDF).
- Used for internal and external networks.

For more information on how we pentest, refer to the detailed pages associated with your asset.

Web
API
Mobile
Internal Network
External Network
Cloud Configuration Review
Desktop
AI/LLM

The Methodology is usually fixed, based on the Test Type or the Asset Type you defined earlier. If you choose a combined asset type, such as Web + API, you can limit the test to either of the individual methodologies:

Choice of Methodologies

Last modified March 31, 2025