
Explore How Credit Karma Leverages Pentest as a Service

Kunal Bhattacharya
Head of Application Security, Credit Karma

As a leader in personal finance, Credit Karma found quality talent and a fresh perspective on data security with Cobalt.

As a multinational personal finance company, Credit Karma provides free credit card scores, reports, and financial tips and tools to customers across the globe. Credit Karma hopes to become the financial tool for every individual — in order to do so, the company leveraged Cobalt’s Pentest as a Service platform to be fully secure.

The Challenges

Long Pentesting Lifecycle

Outdated Methods

A fresh perspective was hard to come by: after working in the same environment and on the same application over time, Credit Karma’s view of them had become jaded.

Ineffective Talent

With the organizations Credit Karma used before Cobalt, consistently finding the right talent became burdensome and ineffective.

Limited Visibility

Credit Karma was looking for a complete view into not only potential vulnerabilities, but also the step-by-step pentesting process.

The Results

Seamless Communication

Cobalt communicated seamlessly with researchers throughout the pentesting process to spot any critical issues at hand.

Fresh Perspective

What Credit Karma needed was a third party to come in and give a fresh perspective, and that’s where Cobalt stepped in.

Total Visibility of Pentest Results

Cobalt’s dashboard provided a complete overview of the entire application and scope of the pentest.

The Challenges

Security is top of mind for most engineers, and Cobalt’s platform integrated very easily into the Credit Karma ecosystem. Credit Karma explained the whole product to the Cobalt team, and Cobalt communicated seamlessly with researchers to find critical issues during the pentesting process.

The Solution

A key aspect of Cobalt’s methodology that worked well for Credit Karma is the retest feature, where they have the ability to click the retest button and the researcher comes in, does the retest, and it’s complete without any wasted time.

Credit Karma agrees: It’s better to know about something before you go live rather than going live and then knowing about it. When a vulnerability was found, Cobalt pointed the engineering team directly to the issue so the team could go back to the drawing board.

The dashboard is great because we get a whole overview of the entire application and scope of the Pentest, and it gives a bird's eye view of where we stand, which we can then present to top management.

One of the things I like a lot about the platform is once an effort gets underway, I know it’s gotten underway because my inbox starts filling up with messages of vulnerabilities found, and you can then look at those vulnerabilities to get a sense of what they’re finding.
Kunal Bhattacharya
Head of Application Security, Credit Karma