Cobalt PtaaS + DAST combines manual pentests and automated scanning for comprehensive application security.

Platform Deep Dive: New Risk Advisories Enrich Findings With CVE and NVD Data

Uncover the potential risks in your tech stack all in one platform and make an informed security plan.

More and more information comes online to help security teams understand their threat landscape. For example, MITRE’s Common Vulnerabilities and Exposures (CVE) list and NIST’s National Vulnerability Database (NVD) share valuable information on known vulnerabilities and how to remediate them.

But while these databases are extensive, they rarely offer information tailored to teams’ specific assets, forcing users to search for different asset categories or vulnerabilities manually one at a time. 

We saw an opportunity to solve this problem: As customers add the assets they want pentested, Cobalt can now pull relevant vulnerability information via the databases’ APIs and organize it into a singular view. 

As a result, customers can find relevant information more quickly, understand their wider threat environment, and make more informed decisions. 

Tailored Risk Advisories Directly in the Cobalt Platform

With this new feature, customers can now access updated list views and tabs with CVE data tailored to their asset types directly in the Cobalt platform.  

CVE Data in Platform

With easier access to this information, customers no longer need to manually research databases. Not only does this save time, it can also help teams achieve the following:

Security Professionals can…

  • Use the advisories as part of an overall environmental threat assessment process;
  • Integrate the information into a pre-existing update and patching workflow;
  • Take this data to budget-holders as justification for internal engineering work and further pentesting.

Non-Technical Org Owners/Collaborators can…

  • Get a better understanding of their operational environment and threat landscape;
  • Liaise with security professionals (either internal or Cobalt) to get a better understanding of technical details within the advisories;
  • Use aggregated risk advisory data to justify pentest spend.

Getting Set Up

To take advantage of this feature, users first need to fill in information about their assets using a new “Technology Stack” field.  

Technology Stack Field

Users should then go to the “Assets” tab. The Risk Advisory column will show how many potential vulnerabilities each asset could be susceptible to, based on the “Technology Stack” entries matched against the CVE database.

If a user hovers over the number, they will see a breakdown of these potential vulnerabilities by criticality level. If a user clicks on it, they will go directly to the Risk Advisories detail page.

Alternatively, users can click into an asset and manually select the Risk Advisories tab on the bottom of the page.  

Users can then click on the individual CVE links, which will take them directly to the corresponding NVD CVE detail page. There they can get more information and links to vendor sites for remediation options.
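To make the matching step concrete, here is an added example (not Cobalt's code) that does locally what the Risk Advisory column and its hover breakdown are described as doing above: it takes a "Technology Stack" inventory per asset, matches it against CVE records, and reports the number of applicable advisories and their severity split. The record layout follows the NVD CVE API 2.0 JSON as an assumption (`vulnerabilities[].cve.configurations[].nodes[].cpeMatch[]` with CPE 2.3 criteria and optional version-range bounds); every record, every CVE id (placeholders of the form `CVE-0000-000N`) and the tech stack are constructed for the example.

```python
"""Match a tech-stack inventory against NVD-style CVE records and report,
per asset, how many advisories apply and how they break down by severity.

Added example, not Cobalt's code. The record layout follows the NVD CVE
API 2.0 JSON (vulnerabilities[].cve.configurations[].nodes[].cpeMatch[])
as an assumption; every record, CVE id (placeholder CVE-0000-000N) and
stack entry below is constructed for the example."""
from collections import Counter
import re

# Constructed tech stack, as a user would enter it in an asset's
# "Technology Stack" field: asset name -> list of (vendor, product, version).
TECH_STACK = {
    "customer-portal": [
        ("apache", "http_server", "2.4.49"),
        ("openssl", "openssl", "1.1.1k"),
    ],
    "billing-api": [("nginx", "nginx", "1.21.0")],
}


def _match(vendor, product, version="*", vulnerable=True, **bounds):
    """Build one cpeMatch entry in CPE 2.3 formatted-string form (constructed)."""
    entry = {
        "vulnerable": vulnerable,
        "criteria": f"cpe:2.3:a:{vendor}:{product}:{version}:*:*:*:*:*:*:*",
    }
    entry.update(bounds)  # e.g. versionStartIncluding / versionEndExcluding
    return entry


def _record(cve_id, matches, severity=None):
    """Build one constructed NVD-style vulnerability record."""
    cve = {"id": cve_id, "configurations": [{"nodes": [{"cpeMatch": matches}]}]}
    if severity:
        cve["metrics"] = {"cvssMetricV31": [{"cvssData": {"baseSeverity": severity}}]}
    return {"cve": cve}


# Constructed records; the ids are placeholders, not real advisories.
NVD_RECORDS = [
    _record("CVE-0000-0001", [_match("apache", "http_server", "2.4.49")], "CRITICAL"),
    _record("CVE-0000-0002", [_match("openssl", "openssl", versionStartIncluding="1.1.1",
                                     versionEndExcluding="1.1.1l")], "HIGH"),
    _record("CVE-0000-0003", [_match("nginx", "nginx", versionEndExcluding="1.21.1")], "MEDIUM"),
    _record("CVE-0000-0004", [_match("apache", "http_server", "2.4.50")], "HIGH"),  # other version
    _record("CVE-0000-0005", [_match("openssl", "openssl", "1.1.1k", vulnerable=False)], "LOW"),
    _record("CVE-0000-0006", [_match("nginx", "nginx", "1.21.0")]),  # no CVSS v3.1 metrics
]

_VERSION_PART = re.compile(r"(\d*)(.*)")


def version_key(text):
    """Turn '2.4.49' or '1.1.1k' into a comparable tuple of (number, suffix)."""
    parts = []
    for piece in text.split("."):
        digits, suffix = _VERSION_PART.match(piece).groups()
        parts.append((int(digits) if digits else 0, suffix))
    return tuple(parts)


def parse_cpe(criteria):
    """Split a CPE 2.3 formatted string into (vendor, product, version)."""
    fields = criteria.split(":")
    if len(fields) < 6 or fields[0] != "cpe" or fields[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 string: {criteria}")
    return fields[3], fields[4], fields[5]


def cpe_match_applies(match, vendor, product, version):
    """True if one cpeMatch entry covers the given stack component."""
    if not match.get("vulnerable", False):
        return False  # entry describes a non-vulnerable configuration
    cpe_vendor, cpe_product, cpe_version = parse_cpe(match["criteria"])
    if (cpe_vendor, cpe_product) != (vendor.lower(), product.lower()):
        return False
    key = version_key(version)
    if cpe_version != "*" and version_key(cpe_version) != key:
        return False  # fixed version in the criteria, and it differs
    if "versionStartIncluding" in match and key < version_key(match["versionStartIncluding"]):
        return False
    if "versionStartExcluding" in match and key <= version_key(match["versionStartExcluding"]):
        return False
    if "versionEndIncluding" in match and key > version_key(match["versionEndIncluding"]):
        return False
    if "versionEndExcluding" in match and key >= version_key(match["versionEndExcluding"]):
        return False
    return True


def severity_of(cve):
    """CVSS v3.1 base severity when present, else the assumed label UNKNOWN."""
    metrics = cve.get("metrics", {}).get("cvssMetricV31", [])
    return metrics[0]["cvssData"]["baseSeverity"] if metrics else "UNKNOWN"


def advisories_for(stack, records):
    """Return {cve_id: severity} for every record touching any stack component."""
    hits = {}
    for record in records:
        cve = record["cve"]
        matches = [m for cfg in cve.get("configurations", [])
                   for node in cfg.get("nodes", []) for m in node.get("cpeMatch", [])]
        # Simplification: any vulnerable cpeMatch hit counts; real NVD
        # configurations can AND several nodes together (e.g. OS plus app).
        if any(cpe_match_applies(m, *component) for m in matches for component in stack):
            hits[cve["id"]] = severity_of(cve)
    return hits


def summarize(tech_stack, records):
    """Per asset: advisory count plus a severity breakdown, like the hover tooltip."""
    summary = {}
    for asset, stack in tech_stack.items():
        hits = advisories_for(stack, records)
        summary[asset] = {"count": len(hits), "by_severity": dict(Counter(hits.values()))}
    return summary


if __name__ == "__main__":
    for asset, info in summarize(TECH_STACK, NVD_RECORDS).items():
        print(f"{asset}: {info['count']} advisories {info['by_severity']}")
```

Two details are worth keeping when building something like this for real data: entries with `"vulnerable": false` must be skipped (they describe configurations that are explicitly not affected, and counting them inflates the column), and version strings such as `1.1.1k` need a comparison that understands letter suffixes, or range bounds like `versionEndExcluding` will be evaluated wrongly.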

NVD reference link

Uncover the potential risks in your tech stack all in one place to make more informed security decisions. Explore more with Cobalt's Risk Advisory integration feature.

About Graham Reed
Graham Reed is the Head of Product Operations at Cobalt, guiding the evolution of Cobalt's Pentest as a Service (PtaaS) platform. With more than a decade of experience in the product management space, he's passionate about supporting the company's mission to modernize traditional pentesting via a SaaS platform coupled with an exclusive community of highly skilled testers. Graham is twice a start-up founder, a co-founder of the Product Mind Community, and has authored the book "The EdTechBook," exploring the use of holistic data analytics within education.