WEBINAR
GigaOm Radar Report for PTaaS: How to Make a Smarter Investment in Pentesting

Vulnerability Detector Improves Cobalt’s PtaaS Platform Efficiency

The Cobalt platform is designed for faster planning and remediation. We value that same level of quality and speed for our pentesters. Time spent on anything that isn’t the most critical vulnerability is potentially time that could be better spent elsewhere. 

That’s why we launched a Vulnerability Detector, powered by Nuclei, for our pentesters. This scanner integration provides reliable automatic checks so that our testers can focus more of their time on manual testing.

Cobalt’s Vulnerability Detector

Our Vulnerability Detector uses template files that describe the requests to send, then runs those requests against target URLs to determine whether a given vulnerability is present.

This enables automatic checks for specific findings, presenting “potential” findings to our testers, whose review adds a level of human validation. As a result, it is much quicker for our testers to accept/decline findings in the platform than to discover them manually. 
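As an added illustration (not Cobalt's or Nuclei's code), a minimal Python runner for the template-then-review flow described above: a template describes a request and its matchers, the check fires only when the matchers agree, and the result is a "potential" finding that stays pending until a tester accepts or declines it. The template schema, the matcher types, and the canned hosts are all constructed assumptions.

```python
"""Minimal template-driven check runner, loosely modelled on how a scanner
template describes a request plus matchers. Added example; schema and the
canned responses are constructed, and no network traffic is sent."""
from dataclasses import dataclass

# Constructed template: the request to send and the matchers that decide
# whether the check fires. "and" means every matcher must match.
TEMPLATE = {
    "id": "missing-hsts-header",
    "severity": "low",
    "request": {"method": "GET", "path": "/"},
    "matchers-condition": "and",
    "matchers": [
        {"type": "status", "status": [200]},
        {"type": "header-absent", "name": "strict-transport-security"},
    ],
}

# Constructed in-memory targets standing in for live hosts.
FAKE_HOSTS = {
    "https://app.example.test": {"status": 200, "headers": {"Content-Type": "text/html"}},
    "https://secure.example.test": {"status": 200, "headers": {"Strict-Transport-Security": "max-age=63072000"}},
}

@dataclass
class Finding:
    template_id: str
    target: str
    severity: str
    state: str = "potential"  # changed only by a human tester in triage()

def send(target: str, request: dict) -> dict:
    """Stand-in for the HTTP client: returns the canned response for a target."""
    return FAKE_HOSTS[target]

def matches(matcher: dict, resp: dict) -> bool:
    """Evaluate one matcher against a response; header names compare case-insensitively."""
    if matcher["type"] == "status":
        return resp["status"] in matcher["status"]
    if matcher["type"] == "header-absent":
        return matcher["name"].lower() not in {k.lower() for k in resp["headers"]}
    raise ValueError(f"unknown matcher type {matcher['type']!r}")

def run_template(template: dict, targets: list[str]) -> list[Finding]:
    """Run the template's request against each target and raise potential findings."""
    combine = all if template.get("matchers-condition", "or") == "and" else any
    findings = []
    for target in targets:
        resp = send(target, template["request"])
        if combine(matches(m, resp) for m in template["matchers"]):
            findings.append(Finding(template["id"], target, template["severity"]))
    return findings

def triage(finding: Finding, accept: bool) -> Finding:
    """Human validation step: the tester accepts or declines the potential finding."""
    finding.state = "accepted" if accept else "declined"
    return finding
```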

Pentester Tools: Three Ways Our Vulnerability Detector Increases Efficiency for the Cobalt Core

We take feedback straight from our Core to improve our product for pentesters. Some of the feedback is around bug fixes or issues, and sometimes it’s around how we can improve the product to increase efficiency. 

One of the ways we’ve incorporated pentester input is with our new Vulnerability Detector. Here are some of the ways this tool helps our Core:

1. Reduces the manual effort of running basic checks that can be reliably automated

In reality, every pentester runs automated scans or at least uses some automation to help establish the size of an asset. This is absolutely necessary when you want a full review of the security posture of an application. 

With a security scan, you scan systems and networks for a variety of weaknesses. Scanners identify many different vulnerable versions of applications and help identify risk levels.

However, all scanner findings need to be monitored closely with human intervention to guide the scanner and perform additional manual tests. That’s why we’ve invested in the Nuclei integration — to combine the power of a scanner and our human testers.

The energy and commitment of the community that contributes to Nuclei are what make it a trustworthy source. There are hundreds of commits a week, including new checks (templates) and constant refinement of existing checks. A large user base creates a positive feedback loop, and we've heard from several customers that they use this tool as part of their security programs.

2. Reduces copy and paste from outside scanners 

The feedback from our Core is that they already use scanners to identify the vulnerabilities whose detection can be reliably automated. One way we simplified their workflow and reduced time spent on manual copy-and-paste tasks is by integrating directly with a trusted scanner so findings can be created easily.

3. Increases the time spent on issues that take more effort to uncover

While scanners are quick and easy to set up initially, they fall short at identifying complex business logic flaws and vulnerabilities that require multi-step interactions.

A key component of manual testing is the human element: logic and ingenuity applied to discover system flaws or vulnerabilities related to business processes. Through in-depth inspection, testers often detect issues introduced during development that scanners missed.

Advantages of Manual Pentesting include:

  1. Human creativity allows for intelligent testing
  2. More in-depth than automatic solutions
  3. Dedicated testing team
  4. Eliminates false positives

The more time pentesters have to focus creatively to break down defenses, the more likely they are able to uncover vulnerabilities.

Meet our Pentesters

Our Core Community comprises 400+ highly vetted, certified pentesters, so the right skills can be matched to your security requirements and business needs. This lets the Cobalt platform offer faster, smarter, and stronger pentests, with faster pentesting start times, real-time collaboration, and scalable data-driven insights.

Learn more about Cobalt Core pentesters.

About Morgan Pearson

Morgan Pearson is a Product Marketing Manager at Cobalt. She has a passion for data-driven growth and started her marketing career in 2015. Morgan works closely with our Product and Community teams to support the Cobalt Core. When she’s not focused on pentesting you can find her hiking or camping somewhere in Colorado with her family.