Menu Icon
< back to main
 • 4 min read

Cobalt Platform Deep Dive: Scoping Pentests Based on Asset Size and Coverage

Asset Scoping is a huge step towards enabling our customers to automatically calculate credits based on the size of the asset to be tested and the level of coverage needed for the test.

Cobalt Platform Deep Dive:  Scoping Pentests Based on Asset Size and Coverage
Auromita Bhadra
Auromita Bhadra

Auromita has more than 11 years of product management experience and has been working in the software industry for over 15 years. She heads our Employee Experience and Platform Product Management team and shares regular deep dives of new major features in our PtaaS platform.

Want to see the platform in action?
get a demoArrow Right
Want to see the platform in action?
get a demoArrow Right

This blog post is part of an ongoing series in which members of the Cobalt product team provide deep dives into specific platform features.

We are excited to announce Asset Scoping, a recently released feature on our PtaaS platform that automatically calculates credits needed for a pentest based on the asset size and coverage required.

What does Asset Scoping mean?

Since we rolled out the credit model for our Pentest as a Service (PtaaS) platform, we've been successfully delivering speed and simplicity to our customers. But we know there’s always room for improvement to provide more clarity around how they should determine the right amount of credits to purchase for a given pentest.

Asset Scoping Feature - Overview

Asset Scoping is a huge step towards enabling our customers to automatically calculate credits based on the size of the asset to be tested and the level of coverage needed for the test. By eliminating the burden for our customers to determine their own credit requirements, Asset Scoping allows security teams to get started even faster with launching their pentests.

Key Benefits

- Intuitive: You will no longer be asked to select the number of credits needed for a pentest. Instead, Cobalt will automatically recommend the number of credits to you based on the information you provide on size of the asset to be tested and default coverage.

- Consistent: Pentest are scoped based on asset size and coverage by default, so you do not need to worry about calculating how many credits are needed for repeat tests on an asset.

- Flexible: We offer the flexibility to adjust coverage for a pentest when you need to investigate deeper in certain areas, or reduce testing hours due to budget constraints.

-Transparent: A scoping guide is available on the platform for customers to understand how credits are calculated.

How it works

Automatic Pentest Credits Recommendation

Pentest Credits are recommended automatically by Cobalt based on the asset size and coverage. This is the default recommendation that comes from the asset level; you can keep the default coverage from the assets or edit the coverage for a specific pentest based on your requirement.

Credit Scoping

For example, if you need a focused test on only one feature it could be Extra Light coverage. If they need an extended test covering every feature, customers can select Large or Extra Large. Customers can modify the coverage field based on their requirement from a pentest.

Scoping Guide

When inputting information about your asset size and coverage, we provide you with a scoping guide. This guide walks you through how to determine the right size and coverage for your specific asset type. Below is an example of how the scoping guide would look for a Web asset type:

Scoping Guide for a Web Asset

The Impact on Existing Assets

All legacy assets now have size and coverage values associated with them, as we have backfilled this data. You can edit and update this information at any time without restriction.

Pentests completed before the release of this feature will not have size and coverage association. Credits will remain as they were originally filled for these completed tests.

Copying A Completed Pentest

Copying pentests that have credits calculated based on size and coverage will reflect the same values submitted for these fields. You can adjust the coverage for the pentest or edit the asset in the wizard as needed.

If you copy an older pentest without size and coverage association, the copied pentest does not copy the credits. Instead, it will inherit the size and coverage from the asset level and automatically recommend the credits.

Updating Asset Size and Coverage During an Active Test

The new values for size and coverage will be reflected in the pentests already created until they are moved to the planned state.


As we continue to be a leader in PtaaS, we are always looking for ways to ensure Cobalt is the most innovative solution for DevOps-driven software companies that want to implement security across the development lifecycle and optimize application security processes.

Curious to learn more? Schedule some time with one of our security experts to see Cobalt in action!

Pentest as a Service Demo

Product Updates

Related Stories

Meet Engineering Halfway: How Pentest as a Service Speeds Up Remediation
Meet Engineering Halfway: How Pentest as a Service Speeds Up Remediation
How does Pentest as a Service (PtaaS) help teams respond to findings quickly and effectively?
Read moreArrow Right
Scheduling Pentests in Minutes: How The Cobalt Platform Saves Teams Valuable Time
Scheduling Pentests in Minutes: How The Cobalt Platform Saves Teams Valuable Time
SANS: Within a matter of minutes, we could add an asset and schedule a test against it, allowing us to address business risks in a matter of moments.
Read moreArrow Right

Never miss a story

Stay updated about Cobalt news as it happens