Bugcrowd connects companies' security and dev teams to vetted and talented security researchers worldwide to run crowd-powered private and public bug bounty programs.
N/A
Cobalt Offensive Security Testing
Score 10.0 out of 10
N/A
Cobalt’s Offensive Security Platform aims to modernize traditional pentesting. By combining a SaaS platform with an exclusive community of testers, the service aims to deliver real-time insights needed to remediate risk and innovate securely.
N/A
Pricing
Bugcrowd
Cobalt Offensive Security Testing
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Bugcrowd
Cobalt Offensive Security Testing
Free Trial
No
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
—
Cobalt Credits™ is a flexible consumption model where pentests are sold in groups and redeemed easily throughout the year for a continuous and carefree pentesting experience.
Budget was ultimately the reason we went with Bugcrowd initially. Bugcrowd allowed for us to come up with our own bounty scale to fit out budget. Most other companies had a fixed scale, or the scale was not as flexible as we wanted it. Traditional penetration testing …
Bugcrowd is great for bug bounty programs and as a cheaper alternative to a full-blown penetration test. Small to medium-sized companies who are serious about security, but don't have the budget for a $40,000 penetration test, this is a great solution. Bugcrowd isn't going to be able to do much of the white-box penetration testing (code reviews), as they are more suited for grey-box and black-box. A program like this will need at least one dedicated person to work with the moderator, verify findings, and decide on the severity of the finding.
The success of your program highly depends on the moderator that is assigned to your project. A good moderator will continue to find researchers until the quota is full. Less than stellar moderators will send out one invite and sees what sticks.
Not all researchers are as professional as one might hope. This can ruin the experience.
Budget was ultimately the reason we went with Bugcrowd initially. Bugcrowd allowed for us to come up with our own bounty scale to fit out budget. Most other companies had a fixed scale, or the scale was not as flexible as we wanted it. Traditional penetration testing companies were very expensive.
We have received some great results for a great price. We've also received some poor results at the same price.
Bugcrowd is not always recognized as a "real" penetration test, but for the most part, we have not had any problems with customer accepting our reports.
Overall, Bugcrowd has been an overall good experience, but we have had a poor moderator from time-to-time that has resulted in less than ideal results.