Web Application Penetration Testing Methodology
Review Cobalt pentest methodologies for web applications, including microservices.
Cobalt Penetration Testing Methodologies
An overview of Cobalt pentest methodologies.
Cobalt pentesters follow specific methodologies for different types of assets.
By default, our pentesters test for industry standard vulnerabilities from:
- Open Web Application Security Project (OWASP).
- Includes different “Top 10” lists for web, API, mobile, and cloud systems.
- Open Source Security Testing Methodology Manual (OSSTMM) (PDF).
- Used for internal and external networks.
For more information on how we pentest, refer to the detailed pages associated with your asset.
In most cases, the Methodology is fixed, based on the Asset Type you defined earlier. However, if you selected a combined asset type, such as Web + API, you can limit the test to either of the individual methodologies:
Review the methodology for your asset, from the links shown earlier. Each methodology includes default requirements based on standards such as:
You’re welcome to include additional requirements.
Next, you’ll want to set up and share Test Credentials for your pentesters.
API Pentest Methodologies
Review methodologies for APIs. Includes microservices.
Mobile Application Penetration Testing Methodology
Review Cobalt pentest methodologies for mobile applications.
Internal Network Penetration Testing Methodology
Review Cobalt pentest methodologies for internal networks.
External Network Penetration Testing Methodology
Review Cobalt pentest methodologies for external networks (includes instances of Microsoft Office 365).
Cloud Configuration Pentests
Review methodologies for Cloud Configurations.
Azure Active Directory Penetration Testing Methodologies
Review Cobalt pentest methodologies for Azure Active Directory.
Desktop Penetration Testing Methodology
Review Cobalt pentest methodologies for desktop applications.
Last modified December.12.2023