Pentest Expectations

What happens after you’ve set up your pentest.

Our pentesters share what they’ve found before they submit your report.

Now that you’ve done all the work needed to set up a pentest, you might be anxious for results. Here’s what you can expect:

  1. Once you’ve finished setting up a pentest, select Pentests in the left-hand pane. You should see your pentest listed, with an In Review label.

  2. We’ll select the best available testers before the start of the pentest. The time we need depends on your PtaaS tier and any special requirements you have.

  3. Once we start the pentest, you’ll start getting updates from pentesters:

    • In the Cobalt app. Navigate to the pentest page, and select Pentester Updates under the pentest title. Updates appear in a sidebar.
      [Screenshot: pentest title on the pentest brief]
    • In a Slack channel dedicated to your pentest, where you can communicate with pentesters. You should see a link to the Slack channel on the pentest page next to the pentest status.
      • Add the colleagues of your choice to the Slack channel. Choose colleagues who can benefit from direct communication with our pentesters.
      • As soon as we’ve moved your pentest from In Review to Planned, you’ll see your pentesters in the Slack channel.
  4. You may get questions from your pentesters. You can also elaborate on your requirements for the pentest.

    • You’ll get in-app and email notifications for each update from pentesters.
  5. As our pentesters analyze your asset, they’ll add updates frequently. If they discover vulnerabilities ("findings"), you can start remediating before the pentest is complete.

    Here’s an example finding as discussed in a Slack pentest channel.

    [Screenshot: pentest sample discussion]

  6. Once the pentest is complete, we move your pentest from Planned to Remediation.

  7. You can start assessing all discovered findings. In the Cobalt app, navigate to Pentests. Select your pentest, and navigate to the Findings tab. Review and analyze each finding. You can:

  8. We keep the Slack channel open until you resolve all findings, which includes the following states:

    • Accepted Risk
    • Fixed

    Contact your Customer Success Manager (CSM) if you need access to the archived Slack channel.
  9. If you’ve purchased a qualifying PtaaS tier, you can customize your pentest report. However, we report all findings. For more information, see Customize Your Pentest Report.

  10. Based on your Service Level Agreement, our pentesters then share a formal report. You’re welcome to download this sample test report (PDF) for a web app.

Our Pentest States page includes more information about each pentest state, including Draft, In Review, Planned, Remediation, and Closed.


Last modified December 12, 2022