REPORT
Unlock the State of Pentesting 2023! Explore 3,100 pentests with expert insights on vulnerabilities, security challenges, & maximizing pentest value.

Faster, Smarter, Stronger Pentesting

Leverage Cobalt's industry-leading PtaaS platform for seamless manual pentesting. Empower your security with an exclusive community of testers, real-time collaboration, workflow integrations, and a centralized view of aggregate pentest data, ensuring rapid risk remediation and secure innovation.

Play Video
Cobalt-Homepage-Header Image@05x
Homepage Featured Image
Report

The State of Pentesting Report 2023

Disruption, transformation, volatility — whichever keyword fits your style, it all points to one fact: change is the constant for security teams. 

With fewer resources and more responsibilities, how do teams plan to protect assets?

Our 5th edition of The State of Pentesting explores this question, tapping into data from 3,100 pentests and over 1000 responses from security practitioners in the United States, the United Kingdom, and Germany. 

Trusted by over 1,200
Customers Worldwide

Modern Pentesting for Security and Development Teams

Every year, customers are doubling the amount of pentests they conduct with Cobalt. Discover what’s driving our 100% growth rate and the value our customers see.

Our Pentests Help Organizations

22-Cobalt_Home–computer icon@2x-1
Reduce Security Risk
Accelerated remediation with tester collaboration, dynamic reporting, and a centralized view of pentest data
22-Cobalt_Home-Header–faster icon@2x
Drive DevSecOps Agility
Integrations into development workflows and more frequent, targeted testing aligned to the SDLC
22-Cobalt_Home–security stronger icon@2x
Scale with Flexibility
Repeatable pentest process for adoption across teams and an on-demand consumption model

Why Pentest as a Service?

Talent
Cobalt-Home-Talent@2x

Global talent marketplace at your fingertips

On-demand access to a worldwide community of vetted pentesters whose skills match your application’s tech stack.
  • Discover the ideal pentester for your assets, including web, mobile, desktop apps, APIs, networks, and cloud services
  • Get fresh eyes on every pentest, avoiding procurement process for all your manual pentesting needs
  • Collaborate directly with testers and integrate your pentest data into development workflows or Cobalt's API
Explore Our Pentesters
Flexibility
Cobalt-Home-Flexibility@2x

Flexibility where you need it most

Self-service planning enables agile, scalable, and consistent pentesting by giving you full autonomy.
  • Start your pentest in days, not weeks
  • Build a repeatable pentest program to stay compliant with PCI-DSS, HIPAA, SOC-2, ISO 27001, GDPR, and more
  • Align pentesting to your SDLC through new release testing, delta testing, exploitable vulnerability testing, and more
Explore Agile Pentesting
Transparency
Cobalt-Home-Transparency@2x

Transparency throughout each pentest

Real-time visibility and direct access to pentesters throughout the test help you prioritize and remediate quickly.
  • Access your pentest in real time with direct collaboration with testers 
  • Track security program improvements by leveraging ongoing test data and analytics
  • Buy credits in bulk for an efficient, repeatable process to manage multiple tests at one time
Explore Our Platform
Integration
Cobalt-Home-Integration@2x

Integration with your tech stack and teams

An integrated pentesting platform facilitates communication between development and security teams.
  • Integrate findings into your SDLC via Jira and GitHub, or use the Cobalt API
  • Get status updates and discuss details with testers throughout the process with our Slack integration
Explore Integrations
Talent

Global talent marketplace at your fingertips

On-demand access to a worldwide community of vetted pentesters whose skills match your application’s tech stack.
  • Discover the ideal pentester for your assets, including web, mobile, desktop apps, APIs, networks, and cloud services
  • Get fresh eyes on every pentest, avoiding procurement process for all your manual pentesting needs
  • Collaborate directly with testers and integrate your pentest data into development workflows or Cobalt's API
Explore Our Pentesters
Cobalt-Home-Talent@2x
Flexibility

Flexibility where you need it most

Self-service planning enables agile, scalable, and consistent pentesting by giving you full autonomy.
  • Start your pentest in days, not weeks
  • Build a repeatable pentest program to stay compliant with PCI-DSS, HIPAA, SOC-2, ISO 27001, GDPR, and more
  • Align pentesting to your SDLC through new release testing, delta testing, exploitable vulnerability testing, and more
Explore Agile Pentesting
Cobalt-Home-Flexibility@2x
Transparency

Transparency throughout each pentest

Real-time visibility and direct access to pentesters throughout the test help you prioritize and remediate quickly.
  • Access your pentest in real time with direct collaboration with testers 
  • Track security program improvements by leveraging ongoing test data and analytics
  • Buy credits in bulk for an efficient, repeatable process to manage multiple tests at one time
Explore Our Platform
Cobalt-Home-Transparency@2x
Integration

Integration with your tech stack and teams

An integrated pentesting platform facilitates communication between development and security teams.
  • Integrate findings into your SDLC via Jira and GitHub, or use the Cobalt API
  • Get status updates and discuss details with testers throughout the process with our Slack integration
Explore Integrations
Cobalt-Home-Integration@2x
Cobalt-Homepage-Jarvis Analytics@2x
Steven Maroulis
Founder and CEO, Jarvis Analytics
“When it came to pentesting and assessing our system against threats, we really gravitated towards the Pentesting as a Service model because it was important that my team could login and see exactly what was happening, what testers were working on and finding, as well being able to flexibly buy additional credits as needed.”
Our Customers
Cobalt-Schedule a Demo-Vonage logo@2x
Chris Wallace
SECURITY LIAISON ENGINEER AT VONAGE

"One main benefit is the variety of skill sets that you're able to tap into because Cobalt has a community of pentesters that you can readily draw from. We don't have to hire more red team people, we can bring them on as needed"

Our Customers
Cobalt-Cengage-Testimonial Slider@2x
ERIC GALIS
VP OF COMPLIANCE AND SECURITY AT CENGAGE

“The main benefits that we get from Cobalt are speed, scalability, and repeatability. We’re able to quickly launch and execute pentests; and beyond that, we’re able to see individual findings in real time and relay them to the engineering team so they can start triaging immediately.”

Our Customers
Cobalt-Get Started-Pendo logo@2x
Chuck Kesler
CHIEF INFORMATION SECURITY OFFICER

"Being able to interact with findings in the platform and discuss them through Slack makes for a much more efficient process. We’ve been able to get into it and engage with the findings there, which is a big improvement on the old process."

Our Customers
Who Are Cobalt Core Pentesters?

400+ Highly Vetted, Certified Pentesters.

< 5% Of Applicants Are Selected To Join Our Core Team.

Cobalt-Homepage-Andreea Cristina Druga-Headshot@2x

"Technology is evolving, the world is more and more connected, and I truly believe it’s up to us to make it a safer place for everyone."

Andreea Cristina Druga, COBALT CORE PENTESTER

Romania

Seeing Is Believing. Discover the Power of Modern Pentesting Made Easy.

How It Works

50

%
FASTER TO EXECUTE A PENTEST FROM SCHEDULING TO REMEDIATION AND RETESTING
11
HOURS SAVED WITH COBALT’S PTAAS MODEL, ON AVERAGE

$

23

k
SAVED ON AVERAGE WITH COBALT’S PTAAS MODEL
1
Discover
Discover
Day 1

Map out your attack surface for appropriate test coverage and frequency. 

Our on-demand community of  expert pentesters means you get the skills that best align to your tech stack.

2
Plan
Plan
Day 1

Strategically plan, scope, and schedule your pentest.

With the Pentest Wizard, you can easily set up a pentest in four guided steps. We’ll review your submission and assign pentesters with skills best suited to your needs.

25

days average time savings from PtaaS for planning and scheduling

*Compared to traditional consulting engagements

3
Test
Test
Day 2 - 14

Stay in the loop with real-time updates as our pentesters carry out thorough automated and manual testing.

Have questions about a specific finding? You can communicate with the pentesters throughout the process in a dedicated Slack channel.

50%

Reduction in Time-to-Results*

*Compared to traditional consulting engagements

4
Remediate
Remediate
Ongoing

Accelerate remediation via integrated workflows and real-time collaboration.

As an active participant throughout the entire test, your team can take action as soon as findings are discovered.

5
Report
Report
Day 14 (Dynamic)

Share up-to-date results with a pentest report that can be customized for each of your stakeholders

Every pentest comes with a report. The report types vary based on the pentest being conducted. Comprehensive Pentests include a full report with finding details, a customer letter, and an attestation. Agile Pentests include an automated report with finding details.

14.2

days average time saved in final report delivery

*Compared to traditional consulting engagements

6
Analyze
Analyze
Ongoing

Analyze pentest results to identify systemic issues across the development lifecycle and track security program improvements over time.

Executive teams will be delighted by the ease of use to track and communicate pentest program results.

Awards

Global Infosec
Cyber Security
Devies Awards
Inc 5000

Recognition

"The Best Security Vendor I Worked With"

read more reviews on Gartner Peer Insights Gartner logo_white (1)

"A Complete Pentest As A Service Platform With A Great Community Of Researchers"

read more reviews on Gartner Peer Insights Gartner logo_white (1)

"Easiest Way To Do A Pentest"

read more reviews on Gartner Peer Insights Gartner logo_white (1)

World-Class Pentesting That Works for You

Learn more by requesting a personal demo with a Cobalt expert today.

The Latest

State of Pentesting Report 2023 Cover Image
White Paper
State of Pentesting
State of Pentesting 2023
Apr 12, 2023
1 min read
read more
Flying Bug Image