Join cybersecurity experts from Slack, Riot Games, EY and more at our upcoming roadshow. 

12 Days of PtaaS: 2021 Cobalt Product Recap

Dive into the exciting changes to Cobalt’s Pentest as a Service (PtaaS) platform throughout the past year.

As another year passes, today we highlight many of the exciting product changes implemented for Cobalt’s Pentest as a Service (PtaaS) platform. These changes aim to bring more value to customers and empower them to leverage their pentests to best serve their needs.

With a range of updates including customizable reports to scoping wizard tools, more precise vulnerability risk ratings and a platform Getting Started guide, there’s been a lot to keep up with this year at Cobalt!

Let’s dive in and take a closer look at some of these exciting changes.

Customize Your Pentest Reports

This year Cobalt introduced additional options to configure pentest reports and provide a more granular level of editability.

While the Cobalt PtaaS platform empowers live communication with pentesters, a portion of the value derived from pentesting arrives with the report. The report serves a variety of purposes such as compliance certification, reporting to executive stakeholders, or showing engineers insights into vulnerabilities to properly implement remediation.

On the Cobalt PtaaS platform, there are four types of pentest reports:

  1. Customer Letter
  2. Attestation Letter
  3. Full Report
  4. Full Report + Finding Details

In addition, users can customize any of these reports and save a copy.

By default, “Full Report” is visible to users when they go to the report section of the platform. On the left side in the “Report Sections,” users can see various components of enclosed content. Some options are grayed out depending on whether they are available. If users decide to customize the selected report, they can simply click on the “Customize” button.

Read more about how to customize your pentest report for your needs.

Pentest API


Customers were thrilled to see the announcement about this new product feature. With the Cobalt API, customers easily integrate data on their assets, pentests, and findings into the rest of their technology stack.

The API currently connects to vulnerability management tools such as Jira and GitHub, Governance and risk management tools such as Tugboat Logic, or Internal Dashboards using Power BI or Google Data Studio.

Read more about our Pentest API Overview.

API Use Case: Importing Findings into DefectDojo

Looking more closely at the API deployment and one of the use cases, customers on Cobalt’s PtaaS platform can benefit from a DefectDojo integration.

DefectDojo is a security program and vulnerability management tool created and maintained by the OWASP Foundation. This integration via the Cobalt API allows customers to aggregate their DAST, SAST, and now — Cobalt pentesting findings into one central place.

Follow this guide about importing findings into DefectDojo to take advantage of this integration!

Improved Pentest Scoping

Asset scoping is a critical step in the pentest process. Asset scoping sets the parameters for an upcoming pentest by defining asset size and testing coverage.

A new asset scoping tool released this year allows customers to automatically calculate the testing credits needed based upon the size of the assets to be tested and necessary coverage. Key benefits of the asset scoping tool include a more consistent, yet flexible experience with Cobalt’s PtaaS platform. Plus, the experience is more intuitive with automated recommendations for the necessary credits to start testing.

While inputting information for the asset scoping, the tool will prompt users with extra information via the scoping guide. Here, customers learn more about the different asset and coverage sizes to determine the right size for your needs. All of which aims to make the pentesting experience more delightful for customers.

Clarifying the Murky World of Vulnerability

On Cobalt’s PtaaS platform, pentesters collaborate to find vulnerabilities. Through this process, discovered findings become vulnerabilities as they are passed back to the customer. This includes a ranking system for each of the vulnerabilities which are calculated using business impact and likelihood to create 5 different vulnerability bands.

These bands range from Informational to Low and then increase to higher levels with the top categories being High and Critical. These issues help customers understand why they conduct pentesting and better illuminate the severity of different risks.

Learn more about the specifics of vulnerability risk ratings.

In closing, the Cobalt PtaaS platform continues to evolve to better serve our customers. Also, don’t forget to join the 12 Days of PtaaS for a chance to win some fun giveaways!

Back to Blog
About Jacob Fox
Jacob Fox is a search engine optimization manager at Cobalt. With a passion for technology, Jacob believes in the mission at Cobalt to transform traditional pentesting with the innovative Pentesting as a Service (PtaaS) platform. He focuses on empowering companies to build out their pentesting programs with informational content creation while emphasizing a positive user experience on the Cobalt website. More By Jacob Fox