Image credit: Danny Leong
What does starting a pentest in 5 clicks mean?
To ensure a successful pentest, security teams put great effort into collecting essential information about their assets and into defining the goals and objectives of the test. In a fast-paced environment where roles and responsibilities change frequently, repeating the same information-collection process becomes a daunting task, especially for critical assets that require regular, consecutive pentesting.
With our new Pentest Copy feature, we make it easier to transfer knowledge from a previous pentest to an upcoming one with the click of a button. All a team member has to do is define the dates for the new pentest, and it is all set. This feature reduces security teams' manual workload and lets them bootstrap a pentest in as little as 5 clicks.
Why is the Pentest Copy feature important?
Traditionally, security teams collect essential pentest data either by going through an exhaustive, organization-wide information-gathering process or by transferring it manually from one pentest to the next. When this critical data, along with the outputs of the pentest, is not stored in a central location, security team members are burdened with repetitive manual work to keep the collateral up to date and aligned with the latest pentest. The challenge grows when team members change roles or leave.
With the Pentest Copy feature, agile teams can duplicate a previous pentest and carry the critical information (the objectives, the pentest team members, open findings, and even the number of Cobalt Credits) over to the next test. All that remains is to define the dates for the new pentest, and it's all set. This feature reduces security teams' manual workload and allows a pentest to be launched in as little as 5 clicks.
Every time a pentest is copied, each team member receives a notification on the platform and by email. Additionally, the Cobalt platform logs every copied pentest to support SOC2 compliance.
How it works
The Copy Pentest control is visible to all users (org owners and org members) on the Cobalt Platform in the pentest list view, under the pentest settings control. Pentests in the "In Review", "Planned", "Live", "Remediation", "Cancelled", or "Closed" state can be copied:
Copy button displayed on the Pentests tab
Once the user clicks on the “Copy” control, the platform confirms the request:
After confirmation, the platform creates a copy of the selected pentest and takes the user to the Pentest Wizard to confirm the copied Objectives and Details and to set the start date in the Timeline step. When everything is set, the user can either save the changes for further verification or move the pentest to the "In Review" state to schedule the next steps:
Pentest Wizard steps
Once the user has confirmed the copied information, the new pentest appears in the list view in either the "New" or the "In Review" state, depending on the choice made in the Pentest Wizard:
Copied pentest displayed on the Pentests tab
Every time a pentest is copied, the platform's notification capability (email and in-platform) informs all users (org owners and org members) of the action taken. From a SOC2 compliance point of view, every event performed on the platform is tracked, and Pentest Copy is no exception.
As we continue to lead Pentest as a Service (PtaaS), we keep looking for ways to ensure Cobalt is the most innovative solution for DevOps teams that want to build security into the SDLC and optimize their application security processes.