The Cobalt team has been hard at work to improve our platform’s user experience. In this Deep Dive, we’ll go over a recent update to the final and arguably most critical deliverable of any pentest: the report.
What’s an attestation letter?
Attestation letters are written statements that confirm something is true or authentic. In the context of pentesting, they’re documents acting as proof that a company has commissioned a third party to perform one or several pentests. The most common use for these documents is to share them with external stakeholders — auditors, prospects, or customers.
Cobalt provides proof of pentests in a variety of formats:
- Full Report
- Full Report + Findings
- Customer Letter
- Attestation Report
These documents include a range of details, from the test’s methodology to the discovered findings and remediation recommendations. Each is customizable, but none can be cut down to a single page that simply confirms Cobalt has pentested a customer’s assets.
A more succinct format would make communication with external stakeholders much simpler and faster. To support this, we launched the 1-page Attestation Letter.
How it works
All Cobalt customers can now generate an Attestation Letter under the “Reports” section.
The letter shows information about:
- The pentest — sharing technical details, such as:
  - Your company name;
  - The type of pentest service;
  - When it took place;
  - A summary of our pentesters’ methodology;
- The vendor — to confirm the document’s legitimacy, with details like:
  - Our principal places of business;
  - Our logo;
  - Our contact information;
  - Confidentiality and trust components in the letter’s header and footer.
How to get the Attestation Letter
To view and download the Attestation Letter, first log in to the Cobalt platform and navigate to “Pentests” on the left sidebar. Once your pentest information loads, you’ll see six options at the top of the page. Select “Report.”
Expand the report dropdown menu and select “Attestation Letter.” You can now view the document in the Cobalt platform.
To download the Attestation Letter, scroll back up to the top of the page and select “Download.” You can now share this document with external stakeholders.
As we continue to lead Pentest as a Service (PtaaS), we look for ways to make pentest management a smoother, more efficient process for everyone. Explore UX improvements to Cobalt's PtaaS platform.