
12 Days of PtaaS: 2021 Cobalt Product Recap

Dive into the exciting changes to Cobalt’s Pentest as a Service (PtaaS) platform throughout the past year.

Jacob Fox

Jacob Fox is a search engine specialist at Cobalt. With a passion for technology, Jacob believes in the mission at Cobalt to transform traditional pentesting with the innovative Penetration Testing as a Service (PtaaS) platform focused on empowering companies to build out their pentesting programs.


As another year passes, today we highlight many of the exciting product changes implemented for Cobalt’s Pentest as a Service (PtaaS) platform. These changes aim to bring more value to customers and empower them to leverage their pentests to best serve their needs.

With updates ranging from customizable reports to scoping wizard tools, along with more precise vulnerability risk ratings and a platform Getting Started guide, there’s been a lot to keep up with this year at Cobalt!

Let’s dive in and take a closer look at some of these exciting changes.

Customize Your Pentest Reports

This year Cobalt introduced additional options to configure pentest reports and provide a more granular level of editability.

While the Cobalt PtaaS platform empowers live communication with pentesters, a portion of the value derived from pentesting arrives with the report. The report serves a variety of purposes such as compliance certification, reporting to executive stakeholders, or showing engineers insights into vulnerabilities to properly implement remediation.

On the Cobalt PtaaS platform, there are four types of pentest reports:

  1. Customer Letter
  2. Attestation Letter
  3. Full Report
  4. Full Report + Finding Details

In addition, users can customize any of these reports and save a copy.

By default, “Full Report” is visible to users when they go to the report section of the platform. On the left side, under “Report Sections,” users can see the components of the report’s content. Some options are grayed out depending on whether they are available. To customize the selected report, users click the “Customize” button.

Read more about how to customize your pentest report for your needs.

Pentest API

Cobalt API

Customers were thrilled to see the announcement about this new product feature. With the Cobalt API, customers easily integrate data on their assets, pentests, and findings into the rest of their technology stack.

The API currently connects to vulnerability management tools such as Jira and GitHub, governance and risk management tools such as Tugboat Logic, and internal dashboards built with Power BI or Google Data Studio.

Read more about our Pentest API Overview.

API Use Case: Importing Findings into DefectDojo

Looking more closely at the API deployment and one of the use cases, customers on Cobalt’s PtaaS platform can benefit from a DefectDojo integration.

DefectDojo is a security program and vulnerability management tool created and maintained by the OWASP Foundation. This integration via the Cobalt API allows customers to aggregate their DAST, SAST, and now Cobalt pentesting findings in one central place.

Follow this guide about importing findings into DefectDojo to take advantage of this integration!

Improved Pentest Scoping

Asset scoping is a critical step in the pentest process. Asset scoping sets the parameters for an upcoming pentest by defining asset size and testing coverage.

A new asset scoping tool released this year allows customers to automatically calculate the testing credits needed based upon the size of the assets to be tested and necessary coverage. Key benefits of the asset scoping tool include a more consistent, yet flexible experience with Cobalt’s PtaaS platform. Plus, the experience is more intuitive with automated recommendations for the necessary credits to start testing.

While users enter information for asset scoping, the tool prompts them with extra information via the scoping guide. Here, customers learn more about the different asset and coverage sizes so they can determine the right size for their needs. All of this aims to make the pentesting experience more delightful for customers.

Clarifying the Murky World of Vulnerability

On Cobalt’s PtaaS platform, pentesters collaborate to find vulnerabilities. Through this process, discovered findings become vulnerabilities as they are passed back to the customer. Each vulnerability receives a ranking, calculated from business impact and likelihood, that places it in one of 5 different vulnerability bands.

These bands range from Informational to Low and then increase to higher levels with the top categories being High and Critical. These issues help customers understand why they conduct pentesting and better illuminate the severity of different risks.

Learn more about the specifics of vulnerability risk ratings.

In closing, the Cobalt PtaaS platform continues to evolve to better serve our customers. Also, don’t forget to join the 12 Days of PtaaS for a chance to win some fun giveaways!
