Bishop Fox Launches Fully Managed, Full Spectrum Application Penetration Testing Service

Cosmos Application Penetration Testing (CAPT) protects business-critical custom applications throughout the lifecycle, from design flaws, to ongoing environmental exposures, to emerging threats

PHOENIX, Feb. 29, 2024 (GLOBE NEWSWIRE) -- Bishop Fox, the leading authority in offensive security, today announced a new fully-managed service for testing the strength and integrity of business-critical custom applications. Cosmos Application Penetration Testing (CAPT) is a service that combines rigorous, expert-driven testing and validation, with on demand, technology-enabled assessment and analysis. The service delivers authenticated testing through a user-friendly interface to uncover high-risk exposures, real-time insights, and continuing threat surveillance.

From increasingly accelerated development processes, to cloud deployments and 3rd party integrations, to the often-inelegant system combinations that come with mergers and acquisitions, enterprise applications represent an extremely dynamic threat surface. A one year look at Bishop Fox’s own data, drawn from more than 110 billion automations within a 12-month period, found that a typical organization has 11,000 exploitable security exposures in a given month, with some larger enterprises exceeding 250,000 open exposures. It also found that attackers can access 70% of critical assets in on-premise networks within just three steps, and 56% can complete an end-to-end attack in under 25 hours. These reasons and more underscore that a different model for application penetration testing is required.

Bishop Fox’s new CAPT service answers this call, from application discovery and prioritized testing, to vulnerability assessment and remediation, to ongoing vigilance. CAPT offers enterprise organizations:

  • A flexible model to scope assessments, from assets discovered via Bishop Fox’s Cosmos Attack Surface Management (CASM) and/or from self-selected applications.
  • Detailed application mapping and identification of risks inherent with authenticated user access
  • Prioritized exposure identification focused on high-risk threats that are confirmed to be exploitable in real-world attack scenarios.
  • Near real-time results driving faster remediation timelines, access to expert testers, and post-remediation validation testing.
  • On demand assessment and testing of emerging threats or new classes of vulnerabilities, or changes/updates in application functionality and environmental changes that expose operational weaknesses.

“Applications are not deployed or used, and thus should not be tested, in a vacuum,” said Kelly Albrink, Bishop Fox AVP of Consulting. “The range of potential ways in which an attacker can gain authenticated access continues to expand rapidly. As such, application testing not only needs to cover a much larger beachfront, it needs to be tracking weather patterns and other environmental factors. CAPT provides a level of scrutiny and vigilance over an application and the ecosystem in which it operates, to provide confidence that any window of vulnerability is minimized.”

About Cosmos

Bishop Fox Cosmos is a comprehensive threat management solution that helps security teams outpace modern adversaries and focus corrective actions where they matter most, while significantly reducing the burden on internal resources. A fully managed service, Cosmos merges asset and vulnerability discovery technology with expert-driven testing to cut through the noise of traditional attack surface and vulnerability management solutions and deliver only the exposures that are verified to be exploitable and business-impacting. Additionally, Cosmos extends testing beyond perimeter threats to address internal security gaps and vulnerabilities associated with authenticated user access, providing security teams with an unparalleled view of their organization's risk profile. With live access to testers for findings details, inquiries, and unlimited remediation testing, Cosmos's all-encompassing approach not only reduces the window of exploitability of perimeter vulnerabilities but also consistently strengthens the internal security posture over time.

The platform today:

  • Executes more than 110 billion operations per year and identifies an exploitable exposure on each customer’s perimeter on average every 2.5 days
  • Reduces by 70% the time to remediate critical vulnerabilities
  • Eliminates 93% of resource requirements and more than 5,000 hours of yearly vulnerability triage
  • Delivers a 14-to-1 average yearly ROI

About Bishop Fox

Bishop Fox is the leading authority in offensive security, providing solutions ranging from continuous penetration testing, red teaming, and attack surface management to product, cloud, and application security assessments. We’ve worked with more than 25% of the Fortune 100, half of the Fortune 10, eight of the top 10 global technology companies, and all of the top global media companies to improve their security. Our Cosmos platform, service innovation, and culture of excellence continue to gather accolades from industry award programs including Fast Company, Inc., SC Media, and others, and our offerings are consistently ranked as “world class” in customer experience surveys. We’ve been actively contributing to and supporting the security community for almost two decades and have published more than 16 open-source tools and 50 security advisories in the last five years. Learn more at or follow us on Twitter.

Kevin Kosh
Senior Director of Communications