Menu Icon
< back to main
 • 5 min read

History of Pentest as a Service (PtaaS)

PtaaS delivers speed, scope, collaborative testing, and retesting to ensure development teams remediate risk quickly and innovate securely. Read more into the history of PtaaS.

History of Pentest as a Service (PtaaS)
Mary Elliott
Mary Elliott

Passionate about marketing and communications within the cybersecurity industry, Mary Elliott is a published writer who enjoys all things content marketing, copywriting/editing, and digital communications.

Want to see the platform in action?
get a demoArrow Right
Want to see the platform in action?
get a demoArrow Right

The beginning of computers and technology transformed the world as we know it, creating new opportunities as early as the 1940s. When the door opened up to ample possibilities in the digital realm, cybersecurity concerns later began to follow. As a result, security methodology and efforts have been around since the early 1960s and continue to evolve with the times.

The Evolution of Penetration Testing

1900s

James P. Anderson was one of the early pioneers of penetration testing, dating back to the 1970s when fully securing computer systems remained a relatively new idea. During this time, “Tiger Teams” were one of the earliest types of hackers. Anderson’s journey with computers and his distinguished contributions to information security began in 1959 when he earned a patent for one of the first multiprocessor systems, the D-825. He is acknowledged for the invention of the reference monitor later on in 1972, the audit trail-based intrusion detection in 1980, and he was recognized with the National Computer Systems Security Award in 1990.

Anderson created an outline for a series of steps to test the security of systems, including how to identify vulnerabilities and plan successful, authorized attacks to exploit those weaknesses. This model continues to be applied in penetration testing engagements.

As developers proceeded to introduce new technology, concerns over safety and information security accelerated. “At the 1967 annual Joint Computer Conference that brought together more than 15,000 computer security experts, government and business analysts discussed concerns that computer communication lines could be penetrated, coining the term and identifying what has become perhaps the major challenge in computer communications today.” (The History of Penetration Testing) By the 1980s, Congress passed the Computer Fraud and Abuse Act.

In the 1990s, a noteworthy tool — the security administrator tool for analyzing networks — was developed and later coined “SANTA”. This tool ran a series of tests on a network to discover vulnerabilities, along with a report of future potential threats that may arise.

2000s

Many early developers helped pave the way for penetration testing engagements, eventually leading to the development of a modern pentest program today. With speedy development, rapid feedback, and continuous improvement staying top of mind, Agile began to take off in the early 2000s with the adoption of the Agile Manifesto.

The Agile Manifesto

Image from The History of Agile

Sprints help with the agile principle of delivering a working product and are at the heart of agile methodologies. With sprints becoming more prevalent, traditional pentesting started to lag behind. Traditional models rarely focus on speed, automation, and agility, making prioritizing simultaneous development and remediation efforts a more difficult task for engineering teams.

As the number of companies following a DevOps model increased, so did the demand for agile and rapid pentesting. The business landscape today is ever-changing, and that’s where traditional pentesting falls short — businesses considering app development, cloud services, and other modern, advanced technologies that help accelerate business need a service that embraces the agile methodology.

More recently, the expanded remote workforce in 2020 and the shift to digital sparked the need to reform digital disruption tactics. Amid the larger move to “Anything as a Service” (XaaS), Pentest as a Service (PtaaS) comes in today as a modernized approach to penetration testing.

The Transformation from Pentesting to PtaaS

The term XaaS caught attention right before the start of the 2000s with Salesforce introducing their software-as-a-service (SaaS) model. XaaS generally refers to an array of services companies can purchase from a provider related to cloud computing and remote access. Examples include:

  • Pentest as a Service (PtaaS)
  • Software as a Service (SaaS)
  • Infrastructure as a Service (IaaS)
  • Platform as a Service (PaaS)
  • Data as a Service (DaaS)

What is PtaaS?

PtaaS delivers speed, scope, collaborative testing, and retesting to ensure development teams remediate risk quickly and innovate securely.

It brings value to teams to pave the way for how DevOps manages security, notably in comparison to traditional pentesting. PtaaS differs from traditional pentesting by providing a modernized cloud-based platform with software integrations and more automatic reporting, where pentesters are able to focus more on testing for heightened security, speed, and affordability.

PtaaS platforms operate faster than traditional testing methods and tools in addition to providing detailed reporting on critical security vulnerabilities. PtaaS also enables:

  • Effective workflows
  • Shorter scheduling times
  • Real-time insights

A PtaaS platform ties together automation tools with a human element of expertise from a community of highly-vetted experts who conduct the testing.

PtaaS vs Traditional Pentesting

Cybersecurity analysts and industry experts today in 2021 are viewing PtaaS as a key market driver, as it continues to gain recognition as a practice for long-term business success. Learn more about PtaaS and see how Cobalt’s Pentest as a Service (PtaaS) platform empowers teams with an innovative, modern approach to pentesting.

Security Team BlogModernizing Pentesting

Related Stories

Cybersecurity Statistics for 2021
Cybersecurity Statistics for 2021
What's new in ransomware, social engineering, and many other security threats
Read moreArrow Right
The State of Pentesting 2021: Common Vulnerabilities, Findings, and Why Teams Struggle With Remediation
The State of Pentesting 2021: Common Vulnerabilities, Findings, and Why Teams Struggle With Remediation
Each year, we publish The State of Pentesting report to provide a detailed overview of vulnerabilities and identify the trends and hazards that impact the cybersecurity community.
Read moreArrow Right
How to Build Resilience in Cybersecurity: 4 Lessons Learned From Military Experience
How to Build Resilience in Cybersecurity: 4 Lessons Learned From Military Experience
What better group to turn to for advice than security leaders who have worked on the front lines of risk and uncertainty?
Read moreArrow Right
New Ebook: Beginner’s Guide to Compliance-Driven Pentesting
New Ebook: Beginner’s Guide to Compliance-Driven Pentesting
Find out more about the role of pentesting in your company’s compliance effort.
Read moreArrow Right

Never miss a story

Stay updated about Cobalt news as it happens