Customers asked, we answered: today, Cobalt announced Agile Pentesting, a new pentest offering that gives businesses greater flexibility and marks the next evolution in PtaaS. Agile Pentesting allows security and development teams to identify and address security gaps faster, accelerate their build-to-release timeline, and align pentesting more closely to DevSecOps workflows.
This blog post covers everything you need to know about the announcement: what it is, how it drives value, and how to win a free Agile Pentest on September 22nd.
Agile Pentesting: The Next Frontier in PtaaS
“Agile Pentesting marks the next stage in the evolution of PtaaS. Our customers were very clear in what they needed: pentesting that supports their own velocity of innovation. They don’t just pay lip service to DevSecOps, they’ve made it a reality. With this new offering, Cobalt is deepening its ability to meet the needs of modern security programs.”
- Russ Cobb, Chief Marketing Officer of Cobalt
Today’s businesses are contending with seismic shifts in the world of technology as well as what is broadly known as “the Great Resignation.” To support customers in these market dynamics, Cobalt pushes the pentesting boundaries further with Agile Pentesting: a more targeted engagement which can focus on a specific area of an asset, or a specific vulnerability across an asset.
The offering addresses multiple use cases for maximal value, based on what customers said they most needed:
- New release testing: Pentest a new release before or shortly after it reaches production.
- Delta feature testing: Pentest incremental changes based on the code differences since a given date or version.
- Exploitable vulnerability testing: Pentest a single vulnerability or a small subset across an asset to validate fixes.
- Single OWASP category testing: Pentest a single OWASP category for a web/mobile/API asset.
- Microservice testing: Pentest Kubernetes within AWS, Azure, or GCP, as well as hosted network services.
Agile Pentesting allows organizations to proactively identify and address vulnerabilities at a faster, more frequent rate to minimize risk. In contrast to what Cobalt calls Comprehensive Pentesting, which is often done in support of business drivers like compliance or M&A activity, the new offering helps accelerate customers’ DevOps journeys while aligning with their CI/CD pipelines, allowing them to reap the following benefits:
- Maximize the output of security teams with smaller pentest engagements that often act as a “second set of eyes”
- Proactively identify and address security gaps at a faster rate to save time and minimize risk
- Accelerate secure build-to-release timelines by bringing pentesting closer to their SDLC
Strengthening Security With Both Comprehensive and Agile Pentests
Cobalt will continue to support Comprehensive Pentesting alongside Agile Pentesting to provide holistic security testing with PtaaS.
While the two offerings are different, they are also complementary. To understand why, you can think of your application as if it were a house. Each room represents one of its components. Applying this metaphor to Comprehensive Pentesting would mean you’re looking for all vulnerability categories across an entire asset.
But what if the kitchen needs special attention? Maybe you want to spend time cleaning the fridge, the sink, and the oven — not the entire house. In a similar way, an Agile Pentest can be limited in scope, focused on just a piece of an asset, such as a new feature.
Alternatively, you may be hyper-focused on cleaning up dirty laundry scattered around your house. In this case, the dirty laundry represents a specific vulnerability or subset of vulnerabilities. An Agile Pentest can focus on a specific vulnerability category (e.g. Log4j) across an entire asset.
Doing just one type of cleaning is never enough. It’s important to do both spot-checks and comprehensive clean-ups on a regular basis to have a healthy home. Conducting both Comprehensive and Agile Pentests can help ensure the security of your various assets across your environment, and the components within each.
In a recent report by Enterprise Strategy Group (ESG) on the economic benefits of PtaaS, analyst researchers found that "customers using Cobalt’s services reduce the time that vulnerabilities stay exposed by 66%, while lowering the total cost of the pentest by 53%, resulting in an expected return on investment (ROI) of 176% per engagement. With Cobalt, collaboration and highly skilled testers lead to excellent results and a massive reduction in risk exposure for companies of all sizes."
"With Agile Pentesting, Cobalt has plugged into our development cycle allowing us to skip lengthy scoping processes and test new features as needed. Our company releases software updates constantly, and this provides assurance that our products are well tested. Cobalt has achieved the Holy Grail of pentesting and made customers’ lives easier, mine included."
- Jeremy Galindo, Offensive Security Manager
Customers can start running Agile Pentests in the Cobalt platform on October 3, 2022. To celebrate this milestone, we’re raffling off three Agile Pentests (4 credits each) to three lucky winners. No prior purchase of Cobalt services is required. Sign up through our giveaway page until September 21st.