Collaborate on Pentests

Work with pentesters and your team.

Collaborate with pentesters, your teammates, and Cobalt Staff throughout the pentest.

You can use the following communication channels:

As our pentesters test your asset, they update you on their progress in real time. Here’s what to expect:

  • Pentesters report vulnerabilities that they discover in your software.
  • You may get questions from our pentesters.
  • You can submit comments to pentesters and your teammates.
  • Cobalt Staff members may get in touch to ask you for help.

Collaborate in the Cobalt App

Communicate with pentesters and pentest collaborators in the Cobalt platform, without using third-party tools.

Navigate to Pentests, select a pentest, and then select the chat icon.


In the sidebar that opens, you can see two tabs:

  • Pentester Updates: Read updates from our pentesters as they test your asset. On this tab, you can only view what pentesters posted. To start a conversation, go to the Chat tab.
  • Chat: Communicate with pentesters, pentest collaborators, and Cobalt Staff in real time.
    • To send a message, enter it in the input field, and then select Comment.
    • To mention a user in your message, type @, and select a user. Users get email notifications for each mention.
    • You can add emoji to your messages.
    • You can edit or delete your comments once posted.

As our pentesters share vulnerabilities that they find in real time, you can start remediating findings before the pentest is complete. Review and analyze each finding. You can:

Use Slack for Communication

You can communicate with pentesters and your teammates in a Slack channel dedicated to your pentest. To learn more about Slack channels, read the Slack documentation.

The image below illustrates how to use Slack throughout a pentest.

[Figure: Communicate in Slack throughout a pentest]

  1. Once we move your pentest to In Review, we create a dedicated Slack channel. On the pentest page, select the Slack icon, and then select Open Slack Channel #.
  2. Add the colleagues of your choice to the Slack channel. Choose colleagues who can benefit from direct communication with our pentesters. To learn more about adding users to Slack, read the Slack documentation.
  3. Once we’ve moved your pentest to Planned, you’ll see your pentesters in the Slack channel.
  4. When the pentest goes Live, our pentesters share vulnerabilities that they find in real time. Start remediating findings before the pentest is complete.
    Here’s an example message from a pentester in Slack.

    [Figure: Collaborate on a pentest in Slack]
  5. Review and analyze each finding. You can:
  6. We keep the Slack channel open until you resolve all findings, which includes the following states:
    • Accepted Risk
    • Fixed
  7. We archive the Slack channel once we move the pentest to Closed.
    • If you need access to the archived channel, contact your Customer Success Manager (CSM) or support@cobalt.io.

Read Updates from Pentesters

Read updates from our pentesters as they test your asset.

Navigate to Pentests, select a pentest, and then select the chat icon. You can view messages from pentesters in the sidebar that opens.


Last modified December 18, 2024