Explore How Credit Karma Leverages Pentest as a Service
As a leader in personal finance, Credit Karma found quality talent and a fresh perspective on data security with Cobalt.
As a multinational personal finance company, Credit Karma provides free credit card scores, reports, and financial tips and tools to customers across the globe. Credit Karma hopes to become the financial tool for every individual — in order to do so, the company leveraged Cobalt’s Pentest as a Service platform to be fully secure.
The Challenges
Outdated Methods
Getting a fresh perspective was difficult, and things became jaded when Credit Karma was used to a certain environment and a certain application over time.
Ineffective Talent
With previous organizations before Cobalt, finding the right talent all the time became burdensome and ineffective.
Limited Visibility
Credit Karma was looking for a complete view into not only potential vulnerabilities, but also the step-by-step pentesting process.
The Results
Seamless Communication
Cobalt seamlessly communicated to researchers throughout the pentesting process to spot any critical issues at hand.
Fresh Perspective
What Credit Karma needed was a third party to come in and give a fresh perspective, and that’s where Cobalt stepped in.
Total Visibility of Pentest Results
Cobalt’s dashboard provided a complete overview of the entire application and scope of the pentest.
The Challenges
Security is topmost in mind for most engineers, and Cobalt’s platform was very easily integratable into the Credit Karma ecosystem. Credit Karma explained the whole product to the Cobalt team, and Cobalt seamlessly communicated with researchers to find critical issues during the pentesting process.
The Solution
A key aspect of Cobalt’s methodology that worked well for Credit Karma is the retest feature, where they have the ability to click the retest button and the researcher comes in, does the retest, and it’s complete without any wasted time.
Credit Karma agrees: It’s better to know about something before you go live rather than going live and then knowing about it. When a vulnerability was found, Cobalt pointed the engineering team directly to the issue so the team could go back to the drawing board.
“The dashboard is great because we get a whole overview of the entire application and scope of the Pentest, and it gives a bird's eye view of where we stand, which we can then present to top management.”
One of the things I like a lot about the platform is once an effort gets underway, I know it’s gotten underway because my inbox starts filling up with messages of vulnerabilities found, and you can then look at those vulnerabilities to get a sense of what they’re finding.Read more customer stories
