How MuleSoft Fixes Vulnerabilities Faster with Deeper Engineering Engagement

Sergey Stelmakh
Platform Security Architect

MuleSoft protects terabytes of information flowing through their API management platform

Acquired by Salesforce in 2018 for $6.5 billion, MuleSoft offers a leading API management and integrations platform that enables businesses to flexibly build application networks. With customers like Coca-Cola, Airbnb and AT&T, MuleSoft processes terabytes of customer data that must stay protected. Pentests are a part of the team’s vulnerability management program, where the core objective is to identify potential weaknesses and address them as quickly as possible.

To be agile and responsive, MuleSoft’s engineering team prefers to work directly with the testers. Cobalt’s Pentest as a Service platform brings both parties together to collaborate, prioritize, and remediate.

We have the flexibility to change plans, and choose the type of engagement that we want to execute. To me, Cobalt is a pentest company that connects me to the best pentest talent.

The Challenges

Long Pentesting Lifecycle

Slow Scheduling

Traditional pentest vendors did not offer the flexibility MuleSoft’s engineers needed to validate the security of their new releases.

Working in Silos

Engineers would get findings dropped on them with no option to reach out with questions on severity, priorities, or fixes.

Poor Past Pentest Experience

Workflows with traditional vendors did not align with the engineering team’s need for agility and simplicity.

The Results

Increased Efficiency

Flexibility and Speed

Cobalt’s on-demand pentests empower MuleSoft to both plan ahead and be flexible whenever they need to course correct.

Collaborative Workflows

MuleSoft’s engineers and Cobalt’s pentesters act as one team, defining priorities and addressing flaws as soon as they are found.

Simple Onboarding

Intuitive navigation and easy setup make it simple for the engineering team to get onboarded and go through findings.

The Challenges

The challenge with traditional penetration testing is that oftentimes it takes months to set up an engagement. With Cobalt, you can have a pentest up and running within 24 hours, providing easier and more flexible planning.

To maintain security, the MuleSoft team leverages pentesting to identify and address potential weaknesses in a product. For MuleSoft, a successful pentest means having a higher level of engagement and collaboration between its engineering team and the pentesters. With Cobalt’s Pentest as a Service platform, the two teams can work directly together and, as a result, start fixing findings as soon as they are discovered.

The Solution

Speed, people, and guidance: this is what MuleSoft needed to further its engineering team’s involvement with product security. The Cobalt platform brings all three, providing skilled pentest talent that works directly with the engineers.

Whether to ask questions around best practices or define remediation priorities, MuleSoft’s team can rely on the testers to support them. This transformed the remediation process, encouraging engineers to become more engaged and thorough.

In addition to augmenting MuleSoft’s team, Cobalt empowers it to both think ahead and be flexible. For example, on-demand testing and simple setup enable them to plan tests for new product releases, but also to adjust their program on short notice with no added stress or red tape.

What my engineering team liked about this engagement is they had an opportunity to discuss issues with pentesters and review priorities together. It was a collaborative process.

Cobalt gave us the ability to get engineers and pentesters together to collaborate and start fixing findings as soon as they get discovered.
Sergey Stelmakh
Security Architect