
The State of Pentesting 2022

Benchmark your application security against stats from over 2,300 pentests.

Development Teams
Understand security
  • Detailed breakdowns of the most common flaws in 2021, with notes on how to fix and prevent them in future code.
Lacking manpower
  • The numbers behind feature launch delays, why code quality is at risk, and why devs are pushed to de-prioritize security.
Security Teams
Address vulnerabilities
  • Stats on the most prevalent vulnerabilities, how teams manage risk, and what gets fixed.
Focus on talent
  • The numbers on how talent shortages weaken security and how teams can respond.

Top findings for 2021

Risk distribution

Risk Level: Informational

Notes vulnerabilities of minimal risk to your business.

Risk Level: Low

Specifies common vulnerabilities with minimal impact on their own, but dangerous if successfully chained.

Risk Level: Medium

Vulnerabilities that are “Medium risk <> Medium impact,” “Low risk <> High impact,” or “High risk <> Low impact.”

Risk Level: High

Impacts the security of your application platform/hardware, including supporting systems. Includes high probability vulnerabilities with a high business impact.

Risk Level: Critical

Includes vulnerabilities such as administrative access, remote code execution, financial theft, and more.

Security teams

QUESTION:

Is your security team dealing with talent shortages?

QUESTION:

Is it harder to monitor for vulnerabilities?

QUESTION:

Is it harder to monitor for and respond to detected incidents?

QUESTION:

Do critical vulnerabilities get patched more slowly?

QUESTION:

Do these challenges make you want to leave your job?


Development teams

QUESTION:

Is your development team dealing with talent shortages?

QUESTION:

Are talent shortages keeping you from adhering to code quality standards?

QUESTION:

Are you struggling to meet critical feature launch deadlines?

QUESTION:

Do talent shortages compromise the security of your code?

QUESTION:

Do these challenges make you want to leave your job?

Download the report for the full picture

What you’ll learn

  • Technical breakdowns on how to find, fix, and prevent common security flaws
  • How teams handle vulnerabilities with different risk levels
  • The biggest talent gaps in security and development and their impact
  • What teams can do to nurture and retain their talent