Collaborate on Pentests
Collaborate with pentesters, your teammates, and Cobalt Staff throughout the pentest.
You can use the following communication channels:
- Beta Messaging in the Cobalt app
- A Slack channel dedicated to your pentest
- Pentester Updates sidebar in the Cobalt app
As our pentesters test your asset, they update you on their progress in real time. Here’s what to expect:
- Pentesters report vulnerabilities that they discover in your software.
- You may get questions from our pentesters.
- You can submit comments to pentesters and your teammates.
- Cobalt Staff members may get in touch to ask you for help.
Collaborate in the Cobalt App
Beta
To enable this feature, contact your Customer Success Manager (CSM) or support@cobalt.io.
Communicate with pentesters and pentest collaborators in the Cobalt platform, without using third-party tools.
Navigate to Pentests, select a pentest, and then select the chat icon.
In the sidebar that opens, you can see two tabs:
- Pentester Updates: Read updates from our pentesters as they test your asset. On this tab, you can only view what pentesters posted. To start a conversation, go to the Chat tab.
- Chat: Communicate with pentesters, pentest collaborators, and Cobalt Staff in real time.
  - To send a message, enter it in the input field, and then select Comment.
  - To mention a user in your message, type @, and select a user. Users get email notifications for each mention.
  - You can add emoji to your messages.
  - You can edit or delete your comments once posted.
As our pentesters share vulnerabilities that they find in real time, you can start remediating findings before the pentest is complete. Review and analyze each finding. You can:
- Fix the finding and submit it for retest
- Mark the finding as Accepted Risk
Use Slack for Communication
You can communicate with pentesters and your teammates in a Slack channel dedicated to your pentest. To learn more about Slack channels, read the Slack documentation.
Note
The Slack channel is available until your pentest is Closed.
The image below illustrates how to use Slack throughout a pentest.
- Once we move your pentest to In Review, we create a dedicated Slack channel. On the pentest page, select the Slack icon, and then select Open Slack Channel #.
  - If you don’t have access to the Slack channel, contact your Customer Success Manager (CSM) or support@cobalt.io.
  - If you’re new to Slack, read the Slack documentation for help.
- Add the colleagues of your choice to the Slack channel. Choose colleagues who can benefit from direct communication with our pentesters. To learn more about adding users to Slack, read the Slack documentation.
- Once we’ve moved your pentest to Planned, you’ll see your pentesters in the Slack channel.
- When the pentest goes Live, our pentesters share vulnerabilities that they find in real time. Start remediating findings before the pentest is complete.
  Here’s an example message from a pentester in Slack.
- Review and analyze each finding. You can:
  - Fix the finding and submit it for retest
  - Mark the finding as Accepted Risk
- We keep the Slack channel open until you resolve all findings, which includes the following states:
  - Accepted Risk
  - Fixed
- We archive the Slack channel once we move the pentest to Closed.
  - If you need access to the archived channel, contact your Customer Success Manager (CSM) or support@cobalt.io.
Read Updates from Pentesters
Read updates from our pentesters as they test your asset.
Navigate to Pentests, select a pentest, and then select the chat icon. You can view messages from pentesters in the sidebar that opens.