Cobalt Reviews & Product Details

Cobalt provides practical, real‑world pentesting with actionable findings that are easy for engineers to understand and fix. The ability to interact with testers and quickly validate remediations makes security feel collaborative rather than audit‑driven. It fits well into modern development workflows without adding unnecessary friction. Review collected by and hosted on G2.com.

Pricing and scoping can feel less flexible for smaller or narrowly focused tests, and tester availability can vary depending on timing and skill set. Some findings can still lean toward generic issues, requiring follow‑up to confirm real business impact. Deeper guidance on prioritization across multiple assessments would be valuable. Review collected by and hosted on G2.com.

I really appreciated the flexibility in scheduling our pen test, as well as the clear, consistent communication between our team and the pen testers throughout the process. Review collected by and hosted on G2.com.

We ran into an issue with a pen tester who performed a scan on our printer network, which caused the printers to spit out hundreds of pages of garbled text. We informed the tester about what happened and specifically asked that no further scans be run. Despite that, another scan was performed the next day, and the printers once again printed hundreds of pages. Review collected by and hosted on G2.com.

We've been a Cobalt user for several years now (probably 5+ years). We first use them when they had limited reporting and reporting formats. They've improved that over the years which makes it super easy for us to share those reports externally or internally.

The pentesters that we've been assigned generally have been pretty solid for the discovery of findings and responsive when we need to clarify certain items.

The pricing is generally reasonable -- we've haven't done a competitive comparison of pricing in a few years. Review collected by and hosted on G2.com.

For customers of our size (smaller), we're not really engaged by the team to learn more about about what we can get out of the platform within our current pay scope. Obviously if we can get more for what we pay, we'd want to know what those features or other things are. Review collected by and hosted on G2.com.

I use Cobalt for penetration testing in my SaaS healthcare company, and I was really satisfied with it. Cobalt impressed me with their team's responsibility and the smooth onboarding process. Having a really helpful assistant for every aspect I had questions about was a bonus. The tool was really quick, and I found the fix and mitigation phase worked really well, which made us really happy. The initial setup was smooth, and the team was very responsible and responsive. If collaboration or pointing out findings related to my system was needed, Cobalt was really amazing. Review collected by and hosted on G2.com.

I would say that the reporting and the interface of the reports could be better, which is difficult internally. Since we add some findings, I needed to explain really deep to the management about the findings and their impact. Review collected by and hosted on G2.com.

I like that once I establish with Cobalt, I can just get back to them very well. I enjoy that I can treat each finding separately and have unlimited retests. I appreciate the good communication that uses the platform. Review collected by and hosted on G2.com.

I don't like that there is a minimum of five credits because I want to do segmentation penetration tests that are usually even below one credit of workload. So getting them for the cost of five credits doesn't make any sense. I would like there to be a possibility of a minimum number of credit being one for certain penetration tests, like PCI segmentation. Review collected by and hosted on G2.com.

I like Cobalt’s on-demand pen testing and the real-time, detailed reporting. They provide a faster path to getting tests started and receiving results, along with continuous findings and integrated reporting that delivers immediate insights. I also appreciate the integrations with ticketing systems, which help streamline workflows and improve efficiency. On top of that, the initial setup was very easy, so getting started felt smooth and straightforward. Review collected by and hosted on G2.com.

Can not think of anything! Works like a charm. Review collected by and hosted on G2.com.

I really appreciate the quality of researchers on the Cobalt platform, which helps us find hidden vulnerabilities missed by our internal security team. The penetration testers provide weekly updates on tests and deliver clean, clear reports on each detected vulnerability. These reports are easily understandable for developers and assist in fixing vulnerabilities. The collaborative environment with the Tester and Project Manager makes support feel much more effective, allowing real-time discussions on the flow of testing. The pricing is also lesser than other providers without compromising quality, which is amazing. The initial setup was incredibly easy, like a cakewalk. Review collected by and hosted on G2.com.

I don't have any thing to dislike about cobalt. Till now , everything is amazing for us. Review collected by and hosted on G2.com.

What I like most about Cobalt is how simple and fast it makes security testing. It connects you with skilled testers on demand, which helps you identify issues quickly and fix them sooner. Overall, it feels more flexible and easier to work with than traditional methods. Review collected by and hosted on G2.com.

Some more UI-friendly tools are needed to provide a more user-friendly experience. Review collected by and hosted on G2.com.

I like that Cobalt follows the timelines and keeps the communication going in every aspect. I also appreciate that we don't have to worry much about the tests. We just provide the setup and they take care of everything else. The initial setup is easy, and the portal has relevant questions to be responded. Review collected by and hosted on G2.com.

One point I feel like the old/previous issues should be tested with the new tests and update their status as well. Review collected by and hosted on G2.com.

I like Cobalt's bug bounty and pentesting services, as it's a mature platform that helps resolve potential vulnerabilities and hardens our architecture. I'm impressed with how fast Cobalt Strike and the pentest services launch with the core team of specialists. I also appreciate the agile pentesting, which helps resolve issues during the CI/CD process. Additionally, the initial setup of Cobalt was pretty fast to deploy and launch. Review collected by and hosted on G2.com.

I don't like how Cobalt often either overscopes or underscopes the audits, which ends up causing a loss of credits. If there could be a better way of scoping just right, it would help improve efficiency. Review collected by and hosted on G2.com.