Digital Risk Assessment

Review details & methodology for Digital Risk Assessments.

Digital Risk Assessment

A Digital Risk Assessment (DRA) is a systematic process for identifying, analyzing, and prioritizing potential threats and vulnerabilities from an attacker’s perspective within an organization’s digital ecosystem.

Digital Risk Assessment is a type of engagement outside of our standard Pentesting as a Service. Refer to the below chart for details of a Digital Risk Assessment.

FeatureDescription
Fulfilled byCybersecurity Services
Number of creditsTypically between 6 - 12 credits, dependent on scope
Number of testers1 tester
CollaborationSlack
RetestingYes - according to your credit tier
Earliest start dateEarliest start date will be based on availability. Typical start dates of 3-5 business dates once test is submitted to In Review
Test durationTypically 10 days. Finalized once test is moved to Planned
Report due date5 business days after the test end date.
Kick off callAvailable upon request
Debrief callAvailable upon request

Methodology Details

Cobalt will use publicly available information and commonly used OSINT methodologies and tooling (such as those documented at https://osintframework.com) to assess an organization from an external, adversarial perspective. Cobalt will employ a passive approach to OSINT reconnaissance.

Activities conducted within a Digital Risk Assessment are noted within the brief:

  • Company research
  • Domain and host enumeration
  • Email, name, phone, and username harvesting
  • Advanced Search Engine Operators (“dorks”)
  • Attempts to identify code used for internal applications
  • Password dumps
  • Attempts to identify sensitive or proprietary indexed files
  • Identification of employee badges on social media sites
  • Building layouts
  • Online brand protection
Last modified December 18, 2024