Platform Deep Dive: UX Improvements to Pentest Lists

Earlier this year, we started exploring ways to make managing pentests a faster and easier process. Our first target: improve how customers sort their pentests in the Cobalt platform using a revamped view and new filtering options. 

Revamping the Pentest View

Navigating pentest data is easy to achieve for a new customer who has just commissioned their first test. But when our platform hosts information on multiple tests, we need to make sure the process stays just as simple. There are also scenarios where users want to collect one detail from multiple tests, to answer questions like: 

• How many of my tests have the state “Live”? How many are “In Review”? 
• How many tests still have findings that are pending fixes? 
• Which of my upcoming tests will start first?

Rather than force users to click through each test, we want to make this data easily available. Each of these considerations contributed to the redesigned “Pentest” view.

Users can now see the following at a glance: 

• Type — The type of asset Cobalt pentested.
• Pentest Title — The name you’ve assigned to your pentest.
• Pentest ID — The unique number attached to each pentest.
• Test Period — The test’s start and end date; If the field is blank, it means the test hasn’t been scheduled yet.
• State — the current state the pentest is in, with the following options:
  
  
• Draft: You’ve started the Create a Pentest process. However, you may not have added the information that we need to start work on your pentest. 
  
  
• In Review: You’ve submitted the pentest. We’re reviewing your submission and will come back with questions if necessary. 
  
  
• Planned: We’ve accepted your proposed pentest and are assigning pentesters based on your technology stacks and methodology. 
  
  
• Live: We’ve started working on your pentest. 
  
  
• Paused: We’re unable to continue the pentest. You should see a reason in the associated Slack channel.
  
  
• Remediation: We’ve completed and shared the results of our pentest, including our vulnerability findings.
  
  
• Canceled: You’ve decided to cancel the pentest. We’ll keep it in our records in case you change your mind. 
  
  
• Findings Triaging — the number of findings being assessed and finalized by the Pentest Lead, reported for visibility.
• Findings Pending Fix — the number of findings validated by the Pentest Lead, and assigned with a severity level; these are now ready for remediation, and to be marked “Ready for Re-test” or “Accepted Risk.”
• Findings Re-Test — the number of findings fixed internally and ready for pentesters to verify. 
• Findings Resolved — the number of findings verified as fixed or marked as “Accepted Risk.”
• Action — options to change the pentest’s settings or create a duplicate.

Sorting & Filtering Options

Default settings organize pentests in chronological order, starting with the most recent. If a pentest doesn’t have a scheduled start date, it will show at the top. Users can re-order their information in a descending/ascending order for the “Title” and “Test Period” fields.

Users can also filter pentests based on their status by selecting one or multiple options: 

From here, they can click on a specific pentest to get a more detailed overview and download their report in a variety of formats. 

In case the account admin decides to restrict users’ access to specific pentests, the following message will show.

With these adjustments, we aim to introduce more consistency across our platform elements, and make pentest program management a faster, smoother, and more informative process.

Curious to learn more? Schedule some time with one of our security experts and see the Cobalt platform in action!