Professional Services Pentests

Run advanced pentest engagements with the Cobalt Professional Services team.

Professional Services are an extension of our core PtaaS platform offering. Our security experts can run advanced pentest engagements for your organization, acting as an extension of your internal security team.

Pentest Engagements

The Cobalt Professional Services team can run the following pentest engagements:

  • IoT ecosystem testing
  • Thick client application testing
  • Wireless network testing
  • Physical social engineering
  • Threat modeling
  • Phishing
  • Red teaming
  • Security hardening
  • Secure code review
  • Pentest program management

Can’t find what you need? Contact us to plan a pentest tailored to your needs.

Pentest Process

Lifecycle of the Cobalt pentest program

Here are the stages of an advanced pentest engagement:

Stage | Description
1 Discover | You define what you need to test and contact the Cobalt Professional Services team.
2 Plan | We arrange a kickoff call to plan, scope, and schedule your pentest. During this stage, we:
  • Determine the pentest scope, including the engagement type and pentest methodology.
  • Create a Statement of Work.
  • Set pentest timelines.
3 Test | The Cobalt Professional Services team tests your asset using the determined pentest methodology.
  • We share vulnerabilities that we discover in real time, in a dedicated Slack channel.
  • At this stage, you can start remediating findings.
4 Remediate | The testing process is complete. Remediate findings that pentesters discovered.
  • We provide remediation guidance during testing.
  • We don’t provide free retesting for advanced pentests.
5 Report | We share a report once the pentest engagement is complete.
  • For advanced pentests, the report sections may differ compared to standard pentests.
  • We also offer a debrief call where you can ask questions about the remediation, report, and testing that we performed.
6 Analyze | Once the pentest is complete, analyze the security posture of your asset.
  • Deep dive into the pentest report to assess discovered vulnerabilities with your development and security teams.
  • Take the required remediation actions.
  • Identify what you expect from your next pentest for this asset.

Asset Types

For advanced pentests run by the Cobalt Professional Services team, we support additional asset types, beyond our standard asset types. You may see these asset types in the Cobalt UI:

Asset Type | Description
IoT | An IoT ecosystem. As defined by NIST, an IoT device has at least one transducer (sensor or actuator) for interacting directly with the physical world and at least one network interface, such as Ethernet, Wi-Fi, or Bluetooth, for interfacing with the digital world.
Physical | An office, building, campus, or a physical device.
Thick Client | An application installed locally on a user’s computer.
Wireless Network | A network that allows devices to stay connected without using wires of any kind.
Other | Asset used in other advanced pentest engagements, such as phishing, red teaming, security hardening, and more.

How to Launch a Pentest

A Specialized pentest that you see in the Cobalt UI is a pentest engagement conducted by the Cobalt Professional Services team.

Specialized pentest in the Cobalt UI

To launch an advanced pentest, contact our Professional Services team at professional_services@cobalt.io. You can’t create an advanced pentest or set up a special asset in the UI—we’ll do that for you.

Once we’ve set up a Specialized pentest, you can:

  • Edit asset details, except for the asset type.
  • Edit pentest details. Some pentest parameters may slightly differ for Specialized pentests.




Last modified June.06.2023