Cobalt PtaaS Tiers

Learn more about our pricing packages, also known as PtaaS tiers.

We offer three PtaaS tiers to best suit your budget and testing goals.

To get started, check our pricing model, and select a plan that matches your testing expectations and business needs.

StandardPremiumEnterprise
For teams in need of a speedy, annual pentest to meet a compliance need or client requestFor teams looking to build a structured pentest program to meet compliance needs and improve overall securityFor teams looking to scale their pentest programs to meet compliance needs, increase testing frequency, and improve overall security

Offering Details

The availability of some features in the Cobalt platform depends on the PtaaS tier that your organization purchased. Refer to the table below to learn more about our offerings.

OfferingStandard TierPremium TierEnterprise TierDescription
Self-service platform with Google OAuth 2.0 and two-factor authenticationUsers can sign in with a username and password or through Google authentication. An Organization Owner can enforce two-factor authentication for their organization to add an extra layer of security to user accounts.
SAML-based SSOAn Organization Owner can configure SAML-based SSO for their organization to enhance the security of the sign-in process.
Best practice methodology and coverage checklistOur pentesters use pentest methodologies that are recognized as best practices in the security industry. They follow a coverage checklist based on OWASP standards to test your assets.
Detailed findings with recommended fixesWhen our pentesters find a vulnerability in your asset during a pentest, they submit findings and provide recommendations on how to fix them.
Real-time collaboration via Slack and the platformYou get real-time updates from pentesters as they’re testing your asset—in a dedicated Slack channel and in the Cobalt platform. You can promptly follow up on the issues they reported.
Cobalt APIUse the Cobalt RESTful API to integrate pentest data into your development and application security tools. Build your own integrations to streamline your workflows.
GroupsAn Organization Owner can create groups and manage access to assets, pentests, and findings.
Start pentest within3 business days2 business days1 business dayThe pentest start time is based on your PtaaS tier and depends on when you’ve submitted all the required information for your pentest. We move the pentest to Planned, allocate pentesters—and they start testing your asset within the following timeframes:
  • Standard tier: 3 business days
  • Premium tier: 2 business days
  • Enterprise tier: 1 business day
Free retesting duration6 months12 months12 monthsFree retesting duration for your pentest findings depends on your PtaaS tier:
  • Standard tier: 6 months
  • Premium and Enterprise tiers: 12 months
The timeline for retesting starts after your pentest end date within an active contract. Mark your findings as Ready for Retest at least 10 days before your contract ends.
Customer Success TeamPoolNamed CSMNamed CSMOur Customer Success Team includes a Customer Success Manager (CSM) and a Pentest Architect. We’ll onboard you to the Cobalt platform and support you during the pentest process.
  • Standard tier: A pool of CSMs provide support through email when you need help.
  • Premium and Enterprise tiers: You get a named CSM.
Native integrations (Jira, GitHub, Azure DevOps)
  • Jira: Synchronize Cobalt findings with Jira tickets bi-directionally (Cloud and Server).
  • GitHub: Push Cobalt findings as issues to GitHub (Cloud only).
  • Azure DevOps: Push Cobalt findings as work items to Azure DevOps Boards.
Customizable reportsCustomize the contents of pentest reports.
OnboardingSecurity + 1 dev teamAll teamsOnboarding includes CSM-led calls in which your team and Cobalt align on the primary points of contact, success plans, and an inventory of your assets. In addition, a Cobalt Sales Engineer provides a comprehensive demo of the Cobalt platform, along with technical guidance on how to set up your first pentest.
  • Premium tier: onboarding for up to 2 teams
  • Enterprise tier: onboarding for all teams
Strategic planningAnnualQuarterlyWe help you build and plan a test strategy for your assets on a regular basis:
  • Premium tier: annually
  • Enterprise tier: quarterly
Your CSM arranges a meeting to better understand your security needs and asset criticality and draft an appropriate pentest schedule.
Quarterly maturity assessmentYour CSM helps you take your pentesting program to the next level using objective scoring and concrete guidance. Our assessments are based on the Cobalt maturity framework that leverages data from more than 1,000 of our customers.
Custom pentester requests (geographical region, time zone, or testing windows)For the Enterprise tier, we’ll accommodate special requests regarding pentesters who perform the pentest, which includes:
  • Staffing a pentest with pentesters from a specific region or time zone; or
  • Ensuring that pentesters can communicate with you and/or perform testing at specified times.
We’ll facilitate other requests on a case-by-case basis. All custom requests are subject to Cobalt availability. We may not be able to accommodate more than one such request per pentest.

Please reach out to your CSM to find out if we can accommodate your request.
Credit rolloverUp to 10%At the end of your calendar year of purchase, we’ll rollover up to 10% of your remaining credits to the next calendar year. Contact your CSM for more details.

View Your Organization’s Tier

As an Organization Owner or Member, you can view your organization’s tier on the Credits page. In the UI, it appears as Subscription Plan.

  • For some organizations, we don’t show their subscription plan on the Credits page.

View your organization’s tier on the Credits page

Upgrade Your Plan

To upgrade your PtaaS tier, contact your Customer Success Manager or support@cobalt.io.

Last modified November 14, 2024