Digital Risk Assessment
Review details & methodology for Digital Risk Assessments.
Digital Risk Assessment
A Digital Risk Assessment (DRA) is a systematic process for identifying, analyzing, and prioritizing potential threats and vulnerabilities from an attacker’s perspective within an organization’s digital ecosystem.
Digital Risk Assessment is a type of engagement outside of our standard Pentesting as a Service. Refer to the below chart for details of a Digital Risk Assessment.
| Feature | Description |
|---|---|
| Fulfilled by | Cybersecurity Services |
| Number of credits | Typically between 6 - 12 credits, dependent on scope |
| Number of testers | 1 tester |
| Collaboration | Slack |
| Retesting | Yes - according to your credit tier |
| Earliest start date | Earliest start date will be based on availability. Typical start dates of 3-5 business dates once test is submitted to In Review |
| Test duration | Typically 10 days. Finalized once test is moved to Planned |
| Report due date | 5 business days after the test end date. Report will be delivered as a PDF within Reports section of the platform |
| Kick off call | Not included |
| Debrief call | Not included |
Methodology Details
Cobalt will use publicly available information and commonly used OSINT methodologies and tooling (such as those documented at https://osintframework.com) to assess an organization from an external, adversarial perspective. Cobalt will employ a passive approach to OSINT reconnaissance. Activities conducted within a Digital Risk Assessment are noted within the brief:
- Advanced Search Engine Operators (“dorks”)
- Attempts to identify sensitive or proprietary indexed files
- Password dumps
- Attempts to identify code used for internal applications
- Email, name, phone, and username harvesting
- Identification of employee badges on social media sites
- Company research
- Building layouts
- Domain and host enumeration
Last modified April.04.2024