Pentest Expectations

What happens after you’ve set up your pentest.

Our pentesters share what they’ve found before they submit your report.

Now that you’ve done all the work needed to set up a pentest, you might be anxious for results. Here’s what you can expect:

  1. Once you’ve finished setting up a pentest, select Pentests in the left-hand pane. You should see your pentest listed, with an In Review label.
  2. We’ll select the best available pentesters before the start of the pentest. The time we need depends on your PtaaS tier and any additional requests you have.
  3. Once our pentesters start the pentest, they’ll update you on their progress. You can collaborate on the pentest using the following communication channels:
    • Beta Messaging in the Cobalt app. Select Messages on the pentest page. In the sidebar that opens, you can read updates from pentesters and communicate in the chat.
  4. You may get questions from your pentesters. You can also elaborate on your requirements for the pentest.
  5. As our pentesters analyze your asset, they’ll add updates frequently. If they discover vulnerabilities ("findings"), you can start remediating them before the pentest is complete.
  6. Once the pentest is complete, we move it from Live to Remediation. Remember to delete/disable or rotate credentials to prevent unauthorized access or misuse once the testing period is over.
  7. Review and analyze each finding. You can:
  8. When your pentest is in Remediation or Closed, you can download pentest reports.
  9. We move your pentest to Closed once you’ve resolved all findings, which includes the following states:
    • Accepted Risk
    • Fixed
Last modified December 18, 2024