Cobalt Methodologies
An overview of Cobalt methodologies.
Cobalt pentesters follow specific methodologies for different test and asset types.
By default, our pentesters test for industry-standard vulnerabilities from:
- Open Web Application Security Project (OWASP).
  - Includes different “Top 10” lists for web, API, mobile, AI/LLM, and cloud systems.
- Open Source Security Testing Methodology Manual (OSSTMM) (PDF).
  - Used for internal and external networks.
For more information on how we pentest, refer to the detailed pages associated with your asset.
The Methodology is usually fixed, based on the Test Type or the Asset Type you defined earlier. If you choose a combined asset type, such as Web + API, you can limit the test to either of the individual methodologies: