Digital Risk Assessment

Review details & methodology for Digital Risk Assessments.

Digital Risk Assessment

A Digital Risk Assessment (DRA) is a systematic process for identifying, analyzing, and prioritizing potential threats and vulnerabilities from an attacker’s perspective within an organization’s digital ecosystem.

Digital Risk Assessment is a type of engagement outside of our standard Pentesting as a Service. Refer to the below chart for details of a Digital Risk Assessment.

Feature Description
Fulfilled by Cybersecurity Services
Number of credits Typically between 6 - 12 credits, dependent on scope
Number of testers 1 tester
Collaboration Slack
Retesting Yes - according to your credit tier
Earliest start date Earliest start date will be based on availability. Typical start dates of 3-5 business dates once test is submitted to In Review
Test duration Typically 10 days. Finalized once test is moved to Planned
Report due date 5 business days after the test end date. Report will be delivered as a PDF within Reports section of the platform
Kick off call Not included
Debrief call Not included

Methodology Details

Cobalt will use publicly available information and commonly used OSINT methodologies and tooling (such as those documented at to assess an organization from an external, adversarial perspective. Cobalt will employ a passive approach to OSINT reconnaissance. Activities conducted within a Digital Risk Assessment are noted within the brief:

  • Advanced Search Engine Operators (“dorks”)
  • Attempts to identify sensitive or proprietary indexed files
  • Password dumps
  • Attempts to identify code used for internal applications
  • Email, name, phone, and username harvesting
  • Identification of employee badges on social media sites
  • Company research
  • Building layouts
  • Domain and host enumeration

Was this page helpful?

Yes No Create an Issue

Last modified April.04.2024