Pentest Process

Learn about the pentest lifecycle.

Explore the stages of the Cobalt Pentest as a Service (PtaaS) program.

Lifecycle of the Cobalt pentest program

	Stage	Description
1	Discover	Prepare for the pentest engagement. Map the attack surface of your software. Create an account on the Cobalt platform following our invitation. Our CSM team will get in touch with you.
2	Plan	Plan, scope, and schedule your pentest. See our Getting Started guide to learn how to launch a pentest. If you need help, contact us. Prepare the environment for our pentesters, such as set up test credentials for them. Note: Your organization is responsible for deleting/disabling or rotating any credentials issued during this test once the testing process is complete. Alert the stakeholders in your organization about the upcoming pentest. Once you’ve submitted the pentest, we’ll assign pentesters based on your technology stack.
3	Test	Pentesters test your asset using various pentest methodologies and techniques. Pentesters share vulnerabilities that they discover in real time, in Slack and in the Cobalt app. Learn more about collaborating on a pentest. At this stage, you can start remediating findings that pentesters discover. The standard testing period is 14 days. It may vary depending on the pentest scope and other factors.
4	Remediate	The testing process is complete. Remediate findings that pentesters discovered. You can submit a finding for retest or accept the risk. Retesting is included in the pentest program. Learn more about the free retesting duration. We recommend that you remediate findings promptly to minimize any potential security incidents that may arise from the identified vulnerabilities. At this stage, the Pentest Lead works on the pentest report. For Agile Pentests, you get an Automated Report. You can configure integrations to post findings to your preferred task management software.
5	Report	Download the pentest report to view a summary of vulnerabilities in your software. Share the report with stakeholders. The report will be available 2 to 3 business days after the pentest is complete. The content of the report differs depending on the report type.
6	Analyze	Once the pentest is complete, analyze the security posture of your asset. Deep dive into the pentest report to assess discovered vulnerabilities with your development and security teams. Take the required remediation actions. Identify what you expect from your next pentest for this asset.

Last modified November 14, 2024