Welcome to the renewed Cobalt Release Blog! This highlights improvements in our Pentest as a Service (PtaaS), as well as useful information and best practices from our product teams, engineers, and pentesters.
In October, we released a new offering called Agile Pentesting. Agile Pentests are more targeted in scope, as they focus on a specific area of an asset, or a specific vulnerability across an asset. With Agile Pentesting, you can accelerate a secure build-to-release timeline and align pentesting closer to your SDLC. Use cases include:
New release or feature testing
Exploitable vulnerability testing
Single OWASP category testing
Learn more about the pentest types.
Agile Pentests require a minimum of 3 Cobalt credits. Each Agile Pentest includes an Automated Report that is designed for internal stakeholders.
Also in October:
Improved Role Management
As an Organization Owner, you can now change roles right within the People page.
Find the drop-down menu.
Select the desired role.
Upload Assets in Bulk
You can upload assets in bulk to the Cobalt platform using asset data stored in spreadsheets. This facilitates a single source of truth for pentesting. Learn more about creating assets or see Cobalt's platform firsthand with an on-demand PtaaS demo.
With webhooks, you can get real-time data on your pentests. To create and manage webhooks in the Cobalt app, navigate to the Integrations page > Webhooks.
We’ve documented the process in Get Pentest Updates with Webhooks.
New Partner Integrations: PlexTrac and anecdotes
Add Cobalt pentest findings into PlexTrac reports to aggregate vulnerability data from other security tools.
Integrate findings into the anecdotes.ai compliance operating system.
CATEGORY: PENTESTER TOOLS
You can now scan assets for vulnerabilities with our Vulnerability Detector, powered by Nuclei. The tool runs automatic checks for findings. You can spot potential findings right in the platform faster, without having to detect them manually.
Email Notifications Improvements
When someone changes the state of a finding, you’ll receive an email notification with the username of the person who made the change.
When you search for something in the Vulnerability Type or Organizations list, search results no longer appear truncated at the beginning.
Best Practices for Developers
Cobalt supports better practices in code. Based on their experiences, our pentesters have shared best code practices in several areas: