WEBINAR
GigaOm Radar Report for PTaaS: How to Make a Smarter Investment in Pentesting
WEBINAR
GigaOm Radar Report for PTaaS: How to Make a Smarter Investment in Pentesting

Cobalt Launches Public API to Further Modernize Pentesting

Learn how our latest feature can give you more flexibility with your pentest data.

We are thrilled to announce the launch of the Cobalt API. As of today, customers can easily integrate data on their assets, pentests, and findings into the rest of their technology stack.

This addition is a critical step in our mission to modernize pentesting. We enable teams to manage their data more easily and build a holistic view of their vulnerability and application landscape. Going even further, we enable customers to more easily manage other parts of their security programs by integrating their pentest data into their existing security and development tools. Learn more about this feature’s impact on Cobalt's Pentest as a Service (PtaaS) model in our latest press release.

“By integrating key pentest findings directly into security and development tools, customers can automate the process of collecting evidence of their pentest to their auditors, while also ensuring that all findings are remediated. Cobalt's PtaaS model is helping the industry move in the direction of more frequent pentests, which provides greater assurance than traditional annual, manual pentests.”- Patrick Murray, Chief Product Officer at Tugboat Logic

Customers can use the Cobalt API to achieve three things: integrate, automate, and analyze.

Cobalt-API__1_

Integrate

  • Consume and interact with their pentest data in the tool of their choice.
  • Streamline the communication between security and development.
  • Get unlimited access to their pentests and associated data.

Automate

  • Feed their internal security dashboard with custom pentest data.
  • Automatically push pentest findings to their internal system(s).
  • Accelerate their remediation cycle by automating the pentesting process.

Analyze

  • Use data to calculate internal performance metrics and track historical progress.
  • Get comprehensive information about their assets, associated findings, and events.
  • Define filters to include criteria, and make the query more specific.

To get started, customers can access their API Token from their profile dropdown.

API_GIF_1

We also recommend checking out our API documentation on authorization, data categories, and troubleshooting.

FAQ

What kind of activities does the Cobalt API support?

With the current version of our API, customers can:

  • Get a list of all organizations their user profile belongs to.
  • Create/revoke a single personal API Token from their profile dropdown.
  • Use their personal API Token in querying for assets, findings, and pentests that belong to a selected organization.
  • Get a list of assets that belong to the selected organization.
  • Get a list of all pentest findings that belong to the selected organization, filter them by pentest ID or asset ID.
  • Get a list of all pentests that belong to the selected organization.
  • Get a list of events happening across the organization.
  • Get a list of tokens that belong to them, or request a new one.

Do I have to pay extra to use the Cobalt API?

The features we’ve described in this post are available for free for Cobalt customers.

Will you be adding more capabilities to your API?

Short answer: yes.

This initial release is a read-only API, meaning customers can pull data out of our platform, but not push any data into it. Our engineers have already begun developing functions that address this, along with event triggers and webhooks that enable the platform to listen to changes in other authorized tools. Make sure to check out our Integrations page for more info! 

New call-to-action

Back to Blog
About Cobalt
Cobalt combines talent and technology to provide end-to-end offensive security solutions that enable organizations to remediate risk across a dynamically changing attack surface. As the innovators of Pentest as a Service (PtaaS), Cobalt empowers businesses to optimize their existing resources, access an on-demand community of trusted security experts, expedite remediation cycles, and share real-time updates and progress with internal teams to mitigate future risk. More By Cobalt
ESG Report: Cobalt Customers Fix Vulnerabilities 66% Faster for Half the Cost
Enterprise Strategy Group (ESG) put us to the test, analyzing Cobalt-provided material, public and industry knowledge of pentesting and security practices, and the results of customer interviews and subject-matter experts. 
Blog
Aug 3, 2022
New Cobalt Offering: Agile Pentesting for Faster, More Targeted Testing
Today, Cobalt announced Agile Pentesting, a new pentest offering that gives businesses greater flexibility and marks the next evolution in PtaaS.
Blog
Sep 7, 2022