Pentest Types

Select the pentest type based on your scope and goals.

You can launch the following pentests on the Cobalt platform:

  • PtaaS pentests with Cobalt pentesters. This includes Agile and Comprehensive pentests.
  • In-House pentests with your team, without involving Cobalt pentesters. Learn more about the Pentest Management Platform.

To run a special pentest engagement, contact our Cybersecurity Services team. Learn more about Specialized Pentests.

Cobalt pentesters perform Agile and Comprehensive Pentests. Refer to the table below to learn the difference between them.

Agile Pentest Comprehensive Pentest
Definition An Agile Pentest performed by Cobalt pentesters focuses on code changes or a specific area of an asset and comes with an Automated Report intended for internal use A Comprehensive Pentest is performed by Cobalt pentesters for security audit, compliance audit, or customer attestation and includes comprehensive reports intended for external stakeholders
Pentest Scope Specific part of an asset Broad area of an asset
Use Cases
  • New release or feature testing
  • Delta testing
  • Exploitable vulnerability testing
  • Single OWASP category testing
  • Microservice testing
  • Internal security testing
  • Comprehensive security audit
  • Compliance audit testing based on the frameworks such as SOC 2, ISO 27001, PCI-DSS, CREST, or HIPAA
  • M&A due diligence
  • Internal or third-party attestation request
  • Standard pentest timelines
  • 3 or 4 credits: 7 days
  • From 5 credits: 14 days
  • 14 days
    Available Pentest Reports
  • Automated Report
  • Customer Letter
  • Attestation Letter
  • Attestation Report
  • Full Report
  • Full Report + Finding Details
  • Report Target Audience Internal stakeholders External stakeholders
    Leading Cobalt Pentester Coordinator Lead

    You can change the type of your pentest before we move it to the Planned state. Select Edit on the pentest brief, and then select the Pentest Type.

    Pentests requiring more than 20 credits don’t get immediate credit confirmation. We’ll specify the number of required credits after reviewing the pentest.

    Next Steps

    Refer to the Getting Started guide to set up a pentest in several stages.

    To launch an In-House Pentest with your team, see Run an In-House Pentest (For Managers).

    Once the pentest is complete, you can download a pentest report to explore security issues that our pentesters found.

    Last modified November.11.2023