Understand Pentest Coverage

To get a cost-effective but complete pentest, you need the “right” coverage for your assets.

Once you’ve sized an asset, you can select the desired pentest coverage.

Coverage and Credits

We have standard recommendations for our pentests. Each recommendation correlates to a number of credits.

Sizing and Credits

We specify sizing criteria by asset type and size. For more information, see our guide on how to Size Your Assets.

You can set your assets to one of five sizes:

| Size        | Default Credits |
|-------------|-----------------|
| Extra Small | 1               |
| Small       | 2               |
| Medium      | 3               |
| Large       | 4               |
| Extra Large | 5               |

Coverage Levels and Credits

Cobalt includes the following coverage levels for each asset. The number of credits that we recommend varies by coverage level:

| Coverage    | Description                                                    |
|-------------|----------------------------------------------------------------|
| Extra Light | Covers up to two features.                                     |
| Light       | Sufficient for most general compliance test functionality.     |
| Standard    | Recommended for compliance tests.                              |
| Large       | Extended coverage for key assets with complex functionality.   |
| Extra Large | Comprehensive tests for assets with complex functionality.     |

Every situation is unique. You may select more (or less) rigorous testing levels.

The following table specifies the number of credits associated with different asset sizes and coverage levels:

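| Asset Size  | Extra Light | Light | Standard | Large | Extra Large |
|-------------|-------------|-------|----------|-------|-------------|
| Extra Small | X           | X     | 1        | 2     | 3           |
| Small       | X           | 1     | 2        | 3     | 4           |
| Medium      | 1           | 2     | 3        | 4     | 5           |
| Large       | 2           | 3     | 4        | 5     | 6           |
| Extra Large | 3           | 4     | 5        | 6     | 7           |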

Pentest Reports

If you want a pentest report, you generally must set up a test of at least two (2) credits. If you have a one (1) credit pentest, you’ll still have access to the non-report items listed in Pentest Expectations.

We do not create multiple pentest reports for large assets. For example, if you want separate pentest reports for different APIs, set up different pentests for each API.

Now that you’ve defined the asset type and coverage, you can describe your asset in detail.


Last modified March.03.2022