See our Fast Start promotion and start your first pentest on The Cobalt Offensive Security Testing Platform for only $4,950.
See our Fast Start promotion and start your first pentest on The Cobalt Offensive Security Testing Platform for only $4,950.

Introducing Dynamic Application Security Testing (DAST) in the Cobalt Platform

Cobalt, the pioneer of Pentest as a Service (PtaaS), is excited to announce the general availability of dynamic application security testing (DAST) in the Cobalt platform. Combining the power of PtaaS with the agility of DAST empowers security and development teams with a more comprehensive solution for assessing and mitigating application-based risk. 

The complexity of today's applications, paired with the persistent targeting of web applications by attackers, makes it more imperative than ever to ensure proper security controls and standards for applications and APIs. Traditional security assessment methods often fall short in providing ongoing, real-time insight, leading to potential blind spots or trailing remediation.

Integrating PtaaS and DAST addresses this challenge by enabling our customers to achieve continuous-yet-scalable security testing. Our DAST scan engine is available to customers in a fully self-service capacity, so they can run scans and access results on demand. The outcome? Improved insight with real-time analysis, accurate identification of vulnerabilities, and quicker validation of vulnerabilities.

How DAST Enables Continuous Risk Reduction in Applications

Increased Visibility

DAST explores every corner of users' web applications, ensuring ultimate coverage for a thorough and reliable security assessment. DAST can identify vulnerabilities not apparent in static analysis, offering dynamic visibility into runtime behavior and potential security weaknesses. Additionally, the findings from a DAST scan indicate the prioritization of vulnerabilities for remediation, so teams know where to focus their efforts and attention.

Quality Results

Cobalt DAST has a near-zero false positive rate. Every detected vulnerability should be perceived as a genuine security gap or exposure that demands attention, and comes with actionable guidance for mitigating that risk. Over time, you’ll reduce your application-based attack surface, uplevel your application security testing program, and improve your compliance & regulatory posture.

Comprehensive Scalability

Automated scanning with Cobalt DAST can integrate into existing software development lifecycle (SDLC) and continuous integration/continuous deployment (CI/CD) pipelines, minimizing disruption to daily operations and ongoing innovation. By incorporating security into the development process, enterprises can identify and remediate vulnerabilities earlier in the lifecycle, reducing the cost and time associated with fixing issues in later stages.

How to Start Scanning Apps with Cobalt DAST in 3 Simple Steps


STEP 1: Create, manage, and initiate or schedule scans for your targets.

Easily add targets for scanning. A target is the URL of a web application or website that defines the scope of your DAST scan. Scanning can be performed on an ad-hoc basis, or scheduled for more repeatable, regular testing.

Start adding targets today — all Cobalt PtaaS customers receive 1 complimentary target for DAST scanning.

DAST-Scans_step-2-3STEP 2: See your complete scan history, and take action on any discovered vulnerabilities.

Cobalt DAST is available entirely self-service, enabling on-demand access to scanning and findings. This empowers teams to take action on discovered risks quickly, before they can be exploited. 

Additionally, summary and compliance reports are available for download as soon as scans are completed.


STEP 3: See and manage scheduled scans for your targets.

Cobalt DAST enables scan scheduling so you can plan ahead for assets that require periodic, iterative testing. In this view, you can quickly understand the scanning cadence currently planned for your application testing program.


Cobalt is empowering security and development teams with more comprehensive and scalable ways to tackle application risk. Starting today, all Cobalt customers with a PtaaS subscription will receive one complimentary target for DAST scanning.

To get started with Cobalt, learn more about our full portfolio of application security solutions.

For Cobalt PtaaS customers looking to add DAST scanning for multiple targets, reach out to your Customer Success Manager. Explore more features of DAST with the reoccurring scheduler and sequence recorder.

DAST scanning blog cta

Back to Blog
About Vivian Ma
Vivian Ma is a member of the marketing team Cobalt. When she isn’t evangelizing Pentesting as a Service and Cyber Threat Exposure Management for the masses, Vivian focuses on her role as Senior Product Marketing Manager at Cobalt, a fully remote cybersecurity company with a mission to modernize traditional pentesting via a SaaS platform coupled with an exclusive community of vetted, highly skilled testers. More By Vivian Ma