July 2024
Following up on the launch of Cobalt’s Dynamic Application Security Testing (DAST) scanner in March, as well as the expansion of our CyberSecurity Engagements and additional Attack Surface capabilities, we have added advanced features aimed at supporting proactive security controls. This includes full visibility into the external attack surface, advanced configurations for DAST including standalone API scanning, a new integration builder that sends Cobalt findings into your remediation workflows, and an updated homepage making it easier to find the information you’re looking for.
The details:
External Attack Surface Management provides continuous asset visibility and automated security checks for all Cobalt customers.
As the attack surface continues to grow, security teams need visibility into all their external-facing assets. Cobalt’s new Attack Surface monitoring provides even more visibility, and now incorporates basic security checks including:
- Credentials Disclosure: Detects exposed credentials within files that could compromise system security.
- Generic Tokens: Uncovers usage of generic tokens that may lead to security breaches.
- Weak Cipher Suites: Evaluates the strength of cipher suites in use, flagging those that are outdated or vulnerable.
- Missing Security Headers: Assesses the presence of critical security headers that help protect against common web vulnerabilities.
- Takeover Risk: Identifies potential vectors for unauthorized control of system components.
With added visibility into externally facing web assets, teams can get a quick overview of application risk, and prioritize assets that require regular DAST scanning. Cobalt’s automated tools help pinpoint the most pressing issues, and identify critical systems and assets that could benefit from pentesting and deeper security analysis, in addition to those assets that fall under compliance requirements.
Standalone API scanning now available with Cobalt DAST
Modern companies are using APIs to power their products and provide end-users and partners with easy access to data to deliver broader business value. In addition to testing Web Apps, security testing must encompass a full evaluation of APIs, regardless of whether the API is standalone or drives the front end of a UI. Cobalt’s updated DAST scanner now supports both scenarios, making it easy for users to understand the security posture of their externally facing web assets and APIs.
Integration Builder streamlines actioning findings across the business
Integrate findings from Pentests and Cobalt’s DAST scanner into your remediation workflows with our new Low-Code Integration Builder. Easily set up and direct how findings are sent to other systems such as Jira, GitHub, Azure DevOps, and ServiceNow. With this update, we now support over 50 integrations in addition to webhook and direct API access. Create and assign tickets for specific issues in whatever system is appropriate, ensuring security findings reach your teams so they can take action.
Updated homepage and pentest planning
Our new homepage provides actionable information right up front including remediation trends and any planned pentests coming up. View DAST and external attack surface findings all in one place, allowing you to get a quick snapshot of your security posture. Easily plan for pentest engagements with our planning wizard to ensure that all your assets are consistently covered in time for audit and compliance requirements.