FAST TRACK
See our Fast Start promotion and start your first pentest on The Cobalt Offensive Security Testing Platform for only $4,950.
FAST TRACK
See our Fast Start promotion and start your first pentest on The Cobalt Offensive Security Testing Platform for only $4,950.

Cobalt Release Blog: October

Read about the improvements we launched to our PtaaS Platform last month: Agile Pentesting, improved role management, webhooks and more.

Welcome to the renewed Cobalt Release Blog! This highlights improvements in our Pentest as a Service (PtaaS), as well as useful information and best practices from our product teams, engineers, and pentesters.

The Headline

In October, we released a new offering called Agile Pentesting. Agile Pentests are more targeted in scope, as they focus on a specific area of an asset, or a specific vulnerability across an asset. With Agile Pentesting, you can accelerate a secure build-to-release timeline and align pentesting closer to your SDLC. Use cases include:

  • New release or feature testing

  • Delta testing

  • Exploitable vulnerability testing

  • Single OWASP category testing

  • Microservice testing

Learn more about the pentest types.

Agile Pentests require a minimum of 3 Cobalt credits. Each Agile Pentest includes an Automated Report that is designed for internal stakeholders.

Agile vs. Comprehensive Pentesting

Also in October:

 

For Customers

Improved Role Management

As an Organization Owner, you can now change roles right within the People page.

  1. Find the drop-down menu.

  2. Select the desired role.

  3. That’s it!

Changing roles in the platform

Upload Assets in Bulk

You can upload assets in bulk to the Cobalt platform using asset data stored in spreadsheets. This facilitates a single source of truth for pentesting. Learn more about creating assets or see Cobalt's platform firsthand with an on-demand PtaaS demo.

Upload Assets in Bulk

Webhooks UI

With webhooks, you can get real-time data on your pentests. To create and manage webhooks in the Cobalt app, navigate to the Integrations page > Webhooks.

We’ve documented the process in Get Pentest Updates with Webhooks.


New Partner Integrations: PlexTrac and anecdotes

CATEGORY: INTEGRATIONS

You can find help for integrating PlexTrac and anecdotes on the Integrations page.

  • Add Cobalt pentest findings into PlexTrac reports to aggregate vulnerability data from other security tools.

  • Integrate findings into the anecdotes.ai compliance operating system.

 

For Pentesters

Vulnerability Detector

CATEGORY: PENTESTER TOOLS

You can now scan assets for vulnerabilities with our Vulnerability Detector, powered by Nuclei. The tool runs automatic checks for findings. You can spot potential findings right in the platform faster, without having to detect them manually.

Email Notifications Improvements

CATEGORY: NOTIFICATIONS

When someone changes the state of a finding, you’ll receive an email notification with the username of the person who made the change.

Search Results

CATEGORY: EXPERIENCE

When you search for something in the Vulnerability Type or Organizations list, search results no longer appear truncated at the beginning.

Best Practices for Developers

Cobalt supports better practices in code. Based on their experiences, our pentesters have shared best code practices in several areas:

Back to Blog
About Graham Reed
Graham Reed is the Head of Product Operations at Cobalt, guiding the evolution of Cobalt's Pentest as a Service (PtaaS) platform. With more than a decade of experience in the product management space, he's passionate about supporting the company's mission to modernize traditional pentesting via a SaaS platform coupled with an exclusive community of highly skilled testers. Graham is twice a start-up founder, a co-founder of the Product Mind Community, and has authored the book "The EdTechBook," exploring the use of holistic data analytics within education. More By Graham Reed
Cobalt Release Blog: February 2023
Read about the improvements we launched to our PtaaS Platform last month: new integrations, asset vulnerability updates, and more.
Blog
Mar 10, 2023