A: You will receive both individual finding reports with detailed descriptions of each vulnerability and a full summary report that describes the test and findings at an executive level - perfect for sharing with stakeholders.
A: Yes, the Cobalt Penetration Test reporting was built based on the PCI requirements for external penetration testing, and we can support you in making sure that both the test coverage and the reporting live up to your auditor’s expectations. This can satisfy PCI DSS section 11.3.1, including confirmation of fixes related to section 11.3.3.
A: Yes, many of our SaaS customers use Cobalt to show their own customers that they take security seriously. Our reporting comes in different levels of detail - from an attestation-style report to a full report with all finding details - so you can decide exactly how much you want to share with your customers.
A: Yes, being agile and on-demand is a key part of Cobalt’s pentest offering. Schedule a demo today and we can get your testing started right away.
A: Yes, schedule a demo and we will provide you with one.
A: During each engagement, the Pentest Lead is responsible for ensuring that each individual finding and the overall report meets Cobalt’s high level of expectations. These Leads are very experienced individuals - in 2016, the average number of years of professional experience for Cobalt’s Pentest Leads was 11 years. Additionally, each team member is rated on their report submissions. This provides transparency and accountability for the Cobalt Core to deliver consistently strong results.
A: Yes, communication is key! You can write comments directly to the pentesters asking them to clarify a specific report. You can also write internal comments to your team members to enhance collaboration. We also know that pentest findings don’t always get fixed right away, so we allow direct communication with the pentesters for months following the completed pentest engagement.
A: Only invited team members and the pentesters can see the list of reported vulnerabilities. Cobalt Customer Success and SecOps members will be able to view vulnerabilities in order to support the pentest. All of this access is visible and controllable within each pentest program’s settings.
A: Only with your permission. If a pentester wants to publicly disclose a vulnerability (anonymized or de-anonymized) to benefit the community, they will request your permission and act in accordance with your response.
A: We offer API access so customers can easily integrate data about their assets, pentests, and findings into the rest of their technology stack. The Cobalt API enables teams to manage their data more easily and build a holistic view of their vulnerability and application landscape. Learn more about the Cobalt API.
A: There are five severity levels to rank vulnerabilities ranging from informational to critical. Read more about severity levels.