
The State of Pentesting 2020

The State of Pentesting 2020 Finds Strong Relationship Between Security and Engineering

Caroline Wong

Caroline Wong is the Chief Strategy Officer at Cobalt. As CSO, Caroline leads the Security, Community, and People teams at Cobalt. She brings a proven background in communications, cybersecurity, and experience delivering global programs to the role.


Today, we released the results of the fourth annual “The State of Pentesting” report, which features insights from more than 1,200 pentests conducted in 2019 through our Pentest as a Service (PtaaS) platform and analysis from more than 100 security practitioners who participated in our application security survey.

This year, we also investigated which web application vulnerabilities can be found reliably through dynamic and out-of-band scanning (“machines”) and which require human expertise to manually identify through black-box penetration testing (“humans”). The report is intended to help security practitioners strategize resource allocation and ascertain value in a results-driven market.

Among the key report takeaways, we observed that application security methodologies and tactics are adapting quickly to accommodate DevOps:

  • More than one-third (37%) of security practitioners stated their companies release code weekly or daily. It’s unsurprising that they are now pentesting more often, with more than half (57%) pentesting at least quarterly.

  • Misconfiguration leads our top vulnerabilities list for the fourth year in a row, while session management and access control issues remain consistent.

  • Dynamic and out-of-band scanning technologies are improving in scope and quality, requiring pentesters to apply system knowledge to find design-level vulnerabilities that machines will miss.

We hope this report helps you think strategically about how you invest your application security budget.

You can download the full report here.
