DAST
Continuously monitor web applications for vulnerabilities at scale with Cobalt Dynamic Application Security Testing (DAST).
DAST
Continuously monitor web applications for vulnerabilities at scale with Cobalt Dynamic Application Security Testing (DAST).

Cobalt Platform Deep Dive: Attestation Letters

Customers can now easily access and share a 1-page document that proves they've done a pentest with Cobalt.

The Cobalt team has been hard at work to improve our platform’s user experience. In this Deep Dive, we’ll go over a recent update to the final and arguably most critical deliverable of any pentest: the report. 

What’s an attestation letter?

Attestation letters are written statements that confirm something is true or authentic. In the context of pentesting, they’re documents acting as proof that a company has commissioned a third party to perform one or several pentests. The most common use for these documents is to share them with external stakeholders — auditors, prospects, or customers. 

Cobalt provides proof of pentests in a variety of formats:

  • Full Report 
  • Full Report + Findings
  • Customer Letter
  • Attestation Report 

These documents include a range of details, from the test’s methodology, to the discovered findings, and remediation recommendations. Each is customizable, but none can be cut down to a single page that simply confirms Cobalt has pentested a customer’s assets. 

A more succinct format would make communication with external stakeholders much simpler and faster. To support this, we launched the 1-page Attestation Letter.

How it works

All Cobalt customers can now generate an Attestation Letter under the “Reports” section. Here’s an example:

Letter Template Markup_061322

The letter shows information about:

  1. The pentest — sharing technical details, such as: 
     
    • Your company name;
    • The type of pentest service;
    • When it took place;
    • A summary of our pentesters’ methodology;

  2. The vendor — to confirm the document’s legitimacy, with details like:
    • Our principal places of business;
    • Our logo; 
    • Our contact information;
    • Confidentiality and trust components in the letter’s header and footer;

How to get the Attestation Letter

To view and download the Attestation Letter, you must first log into the Cobalt platform and navigate to “Pentests” on the left sidebar. Once your pentest information loads, you’ll see six options at the top of the page. Select “Report.” 

Attestation Letter Gif1

Expand the report dropdown menu and select “Attestation Letter.” You can now view the document in the Cobalt platform. 

Attestation Letter Gif2

To download the Attestation Letter, scroll back up to the top of the page and select “Download.” You can now share this document with external stakeholders. 

Attestation Letter Gif3

As we continue to lead Pentest as a Service (PtaaS), we look for ways to make pentest management a smoother, more efficient process for everyone. Explore UX improvements to Cobalt's PtaaS platform.

Curious to learn more? Schedule some time with one of our security experts and see the Cobalt platform in action!

New call-to-action

 

Back to Blog
About Yogi Petkar
Yogi Petkar has more than 15 years of experience working in the technology sector with companies ranging from fortune 500 to startups. He currently works at Cobalt, a fully remote cybersecurity company with a mission to modernize traditional pentesting via a SaaS platform coupled with an exclusive community of vetted, highly skilled testers. He leads the Customer Experience Product Management team and shares regular PtaaS platform updates via his content deep dives highlighting new penetration testing features. More By Yogi Petkar
Platform Deep Dive: Co-branded Pentest Reports
As of July, partners can include their logo on pentest reports for our shared customers.
Blog
Jul 29, 2022
Platform Deep Dive: UX Improvements to Pentest Lists
An overview of the revamped Pentest tab, with new sorting and filtering options.
Blog
Jun 22, 2022
Platform Deep Dive: Lost Device Support for 2FA
Life happens and sometimes users lose their registered devices. We’ve now made it simpler to request a 2FA reset.
Blog
Jul 18, 2022