Cobalt.io wants to change the way companies purchase and pay for pentesting services, which test an application for vulnerabilities before it goes live. Today, the company announced a number of enhancements to the platform.
Jacob Hansen, CEO and co-founder at Cobalt, says the pentesting business typically involves an expensive and time-consuming exercise, which culminates with the delivery of a PDF listing the issues that the tester found. When he and his co-founders launched the company in 2013, they wanted to bring a digital element to that whole process.
“What we have built is two things. The first is a marketplace of vetted, verified pen testers. So, basically freelance security testers in the marketplace that we have vetted and verified and taken ownership of. And secondly, we built a software platform where you can schedule and manage tests,” Hansen told TechCrunch.
He says that one of the bottlenecks with this process is simply getting started and understanding the basic parameters of the test. This is often done via a number of emails or phone calls. Cobalt built a kind of getting-started wizard to streamline the process.
“It’s a little bit like a TurboTax for pentest planning. It’s similar in that it speeds up and streamlines the requirements gathering and setup of the test, which brings a lot of convenience to both sides of the transaction between the pen tester and our clients,” he explained.
Once the testing starts, instead of gathering all of the data and delivering a list of issues at the end, Cobalt can take advantage of the platform to deliver the issues to developers in a way that integrates more smoothly with their development environments. That means that as the tester finds an issue, it automatically gets flagged and sent to Jira, where it becomes part of the developer’s normal workflow and can be addressed almost in real time.
“This is where we differ from the traditional pen testing industry. We’re building a modern pentest as a Service platform. And that means that it’s real time, integratable, and it’s just a different and better workflow,” he said.
Finally, the company is offering a new flexible pricing model. Instead of paying by the test, customers can buy credits ahead of time, which gives them virtual vouchers to consume the service whenever they need to. It gives customers, who are regular consumers, a sense of cost certainty and availability up front, and it helps Cobalt because it gets paid ahead of the actual service usage.
Cobalt.io was founded in 2013. Its headquarters are in San Francisco with offices in Boston and Berlin. It has 500 customers today and reports it did 1,000 tests last year. It hopes to triple that number this year. The company has raised $8 million, according to Crunchbase data.