Cobalt Crowdsourced Application Pentest

Cobalt Platform Deep Dive: Managing Your Pentests Just Got Easier

Yogi
Aug 26, 2020

This blog post is part of an ongoing series in which members of the Cobalt product team provide deep dives into specific platform features.

What is an “unwanted pentest”?

If you are among the many companies with frequent release cycles, then keeping a healthy track of past, ongoing, and planned pentests is critical — not only to ensure proper asset coverage but also to incrementally improve security outcomes. Typically, it’s the pentest coordinators who are tasked with creating and managing pentests simultaneously and making sure each is up to date in terms of status and results.

To constantly improve the security posture of their organization, coordinators should plan pentests meticulously. The Cobalt platform allows you to keep an eye on pentests that are in various stages, including *New*, *In Review*, *Planned*, or *In Remediation*. When running multiple pentests, it becomes even more essential to keep the pentests list view up to date so that collaborators can focus on the valid and important pentests. However, accidentally created pentests or duplicates can clutter the Pentest List. That lack of visibility and added complexity makes everyone’s work more difficult.

In the past, the only option Cobalt made available to pentest coordinators was to mark the pentest as canceled, which put it at the bottom of the list. With the newest enhancement to our platform, customers can now delete unwanted pentests, keeping a clean view of the Pentest List and thereby helping all collaborators focus on valid and important pentests.

Note that whenever a pentest is deleted, email and in-platform notifications are sent to team members, and everything is logged on the platform for SOC2 compliance.

Why the Pentest Delete feature is important for agile teams

Depending on your organizational structure, there may be multiple teams and team members involved in pentest planning. The collaborative nature of this process can sometimes result in the creation of duplicate or trial/test pentests, either by new users on the Cobalt platform who aren’t familiar with the process or by existing users experimenting. Having all these unwanted pentests displayed in the *Pentest List* view is problematic, because it creates clutter, takes the focus away from the valid and important tests, and distracts team members.

The newest Pentest Delete feature addresses these challenges by allowing team members to delete pentests that are in the New or In Review stage without involving their customer success manager. It gives them full control over the Pentest List dashboard, to ensure it’s clean and up to date.

How it works

Pentest team members can easily delete pentests that are in different stages.

  • The delete option is visible in the Wizard when the pentest is in the *New* stage:

Delete pentest option enabled in the Wizard

  • It’s also possible to delete a pentest that is in the *In Review* stage; the option is displayed in the *Pentest Brief* tab:

Delete pentest option enabled in the Pentest Brief page

  • Upon clicking the delete option, a confirmation modal pops up to confirm the action, since all data associated with the pentest will be lost and cannot be recovered after this step:

Confirmation modal popup to confirm delete pentest option

  • Once the action to delete is confirmed, the user is redirected to the Pentest List View with an additional message on top about the deleted pentest:

Confirmation message about the deleted pentest

  • All other team members are simultaneously notified about the deleted pentest through in-platform and email notifications:

Notification on the platform about the deleted pentest

Email notification about the deleted pentest

  • To further comply with SOC2 practices and to provide our customers with full visibility, we track all activities associated with their pentests on the Cobalt platform, including deleted pentests:

Logged activities on the Cobalt Platform

As we continue to be a leader in PtaaS, we are always looking for ways to ensure Cobalt is the most innovative solution for DevOps-driven software companies that want to implement security across the development lifecycle and optimize application security processes.

Curious to learn more? Schedule some time with one of our security experts to see Cobalt in action!