Create Test Finding
Prerequisites
Cobalt staff must have created and set up a test organization for you. If not, please contact your customer success manager.
You must be invited to the test organization, accept the invitation, and have an Owner role.
Create In-House Pentest
ⓘ Users must have the Team Member role to create a pentest.
ⓘ Refer to the Pentest Team Member section of the product documentation for more details.
Open the Pentests page from the sidebar and click Create Pentest.
ⓘ If the Create Pentest button is disabled, the user role must be changed to Team Member. Learn how to switch the user role for an In-House Pentest.
Click Get Started if the In-House Pentest Beta feature is not yet enabled for your organization.
ⓘ Skip this step if the In-House Pentest Beta feature is already enabled.
Click Enter the Beta to enable the In-House Pentest Beta feature.
ⓘ Skip this step if the In-House Pentest Beta feature is already enabled.
Select the In-House Pentest type and asset you want to test, then click Continue.
ⓘ You can create a dedicated asset for testing or use an existing one.
No changes are required on the Asset page. Click Next to proceed.
ⓘ Renaming the pentest is optional but helps distinguish test pentests. Click the pencil icon next to the pentest name and confirm with Done.
On the Requirements page, set the following fields:
- Targets
- Objectives
- Technology stack
ⓘ The input content is irrelevant.
No changes are required on the Details page. Click Next to proceed.
On the Scope & Plan page, select the required Start and End dates, then click Save & Exit to create the pentest.
ⓘ You can check the "I’m a point of contact for this pentest" checkbox.
The In-House pentest is now in the draft state. Click Move to Planned.
Confirm by clicking Move to Planned in the modal dialog.
Switch the User Role for an In-House Pentest
ⓘ Refer to the public documentation for more about user roles and associated permissions.
Go to the sidebar and select Pentests.
Choose an In-House Pentest from the list.
Open the Collaborators tab.
Click the dropdown for Role next to your username and select the desired role for the In-House Pentest.
ⓘ The application will automatically reload after changing your pentest collaborator role.
Launch In-House Pentest
ⓘ The user must have the In-House Pentester role.
ⓘ Refer to the In-House Pentester section of the product documentation for more details.
Select Pentests from the sidebar.
Choose the In-House Pentest you want to launch.
ⓘ The pentest should be in the planned state.
Click the Launch Pentest button.
ⓘ The pentest state changes to live.
ⓘ If the Launch Pentest button is disabled, the user role must be changed to In-House Pentester. Learn how to switch the user role for an In-House Pentest.
Create Test Finding
ⓘ The pentest must be live to submit findings.
ⓘ The user must have the In-House Pentester role.
ⓘ Refer to the In-House Pentester section of the product documentation for more details.
Select Pentests from the sidebar.
Choose an In-House Pentest from the list to populate with test findings.
Click Submit Finding.
ⓘ If the Submit Finding button is disabled, the user role must be changed to In-House Pentester. Learn how to switch the user role for an In-House Pentest.
Provide the following information to create a test finding:
- Vulnerability type
- Description
- Proof of Concept
- Severity
- Suggested fix
ⓘ The input content is irrelevant but must meet validation constraints. For example, the severity must contain at least 3 characters.
Click Submit for Triaging at the bottom of the page when all required information is set.
The pentest finding is now in the Triaging state.
Change the finding state to Pending Fix from the State dropdown and submit the evaluation.
Set the Likelihood and the Business Impact values by clicking the circles (●), then click the Submit evaluation button.
The pentest finding is now in the Pending Fix state.
View all pentest findings.
ⓘ Once you have added test findings to the In-House Pentest, remember to switch the user role back to Team Member. If you remain in the In-House Pentester role, certain integration-related UI elements, such as external tickets or the Integrations tab, will be hidden.