Information needed to set up your pentest.
Visualize your journey with Cobalt, and launch your first pentest to make your security stronger.
Take your first steps to get started:
- Prepare for a pentest
- Launch a pentest
- Read answers to frequently asked questions
- Learn how to get in touch with Cobalt
Prepare for a Pentest
- Make your teams aware of the upcoming pentest.
- Notify everyone who should be aware of the pentest. Ensure that the pentest doesn’t disrupt anyone’s workflows.
- Prepare credentials and account details for pentesters.
- Be responsive to pentest results.
- Be available to help find solutions to problems.
- Most of the time pentesters are cautious and don’t perform any actions that have detrimental effects on your software. However, as a precautionary measure, you should prepare for the worst. Prepare a backup copy of your software (especially when testing a production environment), and have a team ready to respond to any unexpected events.
- Establish communication with pentesters in Slack, and let them know you are there—available and responsive.
- Communicate significant changes to your environment made during a test to pentesters.
- If you make significant changes to your environment during a test (including remediating vulnerabilities), make sure to communicate this to our pentesters. Any major updates to your asset that you make when the pentest is Live may impact pentesters’ workflows and the testing process.
Launch a Pentest
- Define your assets. Our pentesters analyze all kinds of assets, from web apps to internal networks.
- Select the pentest type. We offer Agile and Comprehensive Pentests.
- Review your asset.
- Set requirements for your pentest.
- By default, our pentesters use standards defined by the Open Web Application Security Project (OWASP) and in the Open Source Security Testing Methodology Manual.
- Add and modify the objectives of your choice.
- To help our penetration testers, include more information about your asset, such as architecture and coding language. You’ll see more details about what to include when you define your assets.
- Define details of your environment. Is your asset in production or in development? Is part of your system on a Cloud platform?
- Plan and scope the test. Define your desired pentest start date, and specify the pentest scope. We need time to find the best available pentesters for your assets.
- Review your pentest request to make sure you’ve included all information that our pentesters need.
Once you’ve set up a pentest, we start analyzing your asset. When possible, we share results even before we create your report. Here’s what you can expect.
Frequently Asked Questions
Click to view answers.
When you receive an email invitation from Cobalt, you join a specific organization with a role assigned to you. Within an organization, you and your team get access to the Cobalt platform and the pentest experience. Learn more about organizations.
Organization Owners can manage users for their organization. For instructions, see Invite Users.
To learn more, please see User Roles and Permissions.
For pentests, an asset is a software component of value, such as a web application or API. Learn more about the asset types we support. Once you've created an asset, you can launch pentests for it.
Get in Touch
If you need help, don’t hesitate to contact us.
- If you have a named Customer Success Manager, get in touch with them.
- Otherwise, submit a ticket or send an email to firstname.lastname@example.org.
We process support requests within one business day.
Start the pentest process. Sign in to the Cobalt app.
Security professionals perform pentests on your assets. Collect the info they need.
Start setting up your pentest.
Verify asset details.
Set requirements for the pentest.
Describe key details of your pentest.
Set up a schedule. Scope the pentest.
Review your pentest request.
What happens after you’ve set up your pentest.
Learn more about the language of software security.
Last modified June.06.2023