Cobalt PtaaS Tiers
We offer three PtaaS tiers to best suit your budget and testing goals.
To get started, check our pricing model, and select a plan that matches your testing expectations and business needs.
|For teams in need of a speedy, annual pentest to meet a compliance need or client request||For teams looking to build a structured pentest program to meet compliance needs and improve overall security||For teams looking to scale their pentest programs to meet compliance needs, increase testing frequency, and improve overall security|
The availability of some features in the Cobalt platform depends on the PtaaS tier that your organization purchased. Refer to the table below to learn more about our offerings.
|Offering||Standard Tier||Premium Tier||Enterprise Tier||Description|
|Self-service platform with Google OAuth 2.0 and two-factor authentication||✓||✓||✓||Users can sign in with a username and password or through Google authentication. An Organization Owner can enforce two-factor authentication for their organization to add an extra layer of security to user accounts.|
|SAML-based SSO||✓||✓||✓||An Organization Owner can configure SAML-based SSO for their organization to enhance the security of the sign-in process.|
|Best practice methodology and coverage checklist||✓||✓||✓||Our pentesters use pentest methodologies that are recognized as best practices in the security industry. They follow a coverage checklist based on OWASP standards to test your assets.|
|Detailed findings with recommended fixes||✓||✓||✓||When our pentesters find a vulnerability in your asset during a pentest, they submit findings and provide recommendations on how to fix them.|
|Real-time collaboration via Slack and the platform||✓||✓||✓||You get real-time updates from pentesters as they’re testing your asset—in a dedicated Slack channel and in the Cobalt platform. You can promptly follow up on the issues they reported.|
|Cobalt API||✓||✓||✓||Use the Cobalt RESTful API to integrate pentest data into your development and application security tools. Build your own integrations to streamline your workflows.|
|Start pentest within||3 business days||2 business days||1 business day||The pentest start time is based on your PtaaS tier and depends on when you’ve submitted all the required information for your pentest. We move the pentest to Planned, allocate pentesters—and they start testing your asset within the following timeframes:|
|Free retesting duration||6 months||12 months||12 months||Free retesting duration for your pentest findings depends on your PtaaS tier:|
|Customer Success Team||Pool||Named CSM||Named CSM||Our Customer Success Team includes a Customer Success Manager (CSM) and a Pentest Architect. We’ll onboard you to the Cobalt platform and support you during the pentest process.|
|Native integrations (Jira, GitHub)||—||✓||✓|
|Customizable reports||—||✓||✓||Customize the contents of pentest reports.|
|Onboarding||—||Security + 1 dev team||All teams||Onboarding includes CSM-led calls in which your team and Cobalt align on the primary points of contact, success plans, and an inventory of your assets. In addition, a Cobalt Sales Engineer provides a comprehensive demo of the Cobalt platform, along with technical guidance on how to set up your first pentest.|
|Strategic planning||—||Annual||Quarterly||We help you build and plan a test strategy for your assets on a regular basis:|
|Quarterly maturity assessment||—||—||✓||Your CSM helps you take your pentesting program to the next level using objective scoring and concrete guidance. Our assessments are based on the Cobalt maturity framework that leverages data from more than 1,000 of our customers.|
|Custom pentester requests (geographical region, time zone, or testing windows)||—||—||✓||For the Enterprise tier, we’ll accommodate special requests regarding pentesters who perform the pentest, which includes:
Please reach out to your CSM to find out if we can accommodate your request.
|Credit rollover||—||—||Up to 10%||At the end of your calendar year of purchase, we’ll roll over up to 10% of your remaining credits to the next calendar year. Contact your CSM for more details.|
Note: Cobalt offers security services beyond pentesting. Our goal is to be an ongoing resource for our customers and a true extension of their security team by helping them protect their broader IT ecosystems. For this reason, we offer a variety of professional services designed to boost the maturity of your current security program and improve your overall security posture.
View Your Organization’s Tier
- For some organizations, we don’t show their subscription plan on the Credits page.
Upgrade Your Plan
To upgrade your PtaaS tier, contact your Customer Success Manager or firstname.lastname@example.org.