Pentest Expectations
Our pentesters share what they’ve found before they submit your report.
Now that you’ve done all the work needed to set up a pentest, you might be anxious for results. Here’s what you can expect:
- Once you’ve finished setting up a pentest, select Pentests in the left-hand pane. You should see your pentest listed, with an In Review label.
- We’ll select the best available testers before the start of the pentest. The time we need depends on your PtaaS tier and any special requirements you have.
- Once we start the pentest, you’ll start getting updates from pentesters:
  - In the Cobalt app. Navigate to the pentest page, and select Pentester Updates under the pentest title. You can view updates in a sidebar that appears.
  - In a Slack channel dedicated to your pentest, where you can communicate with pentesters. You should see a link to the Slack channel on the pentest page, next to the pentest status.
    - Add the colleagues of your choice to the Slack channel. Choose colleagues who can benefit from direct communication with our pentesters.
    - As soon as we’ve moved your pentest from In Review to Planned, you’ll see your pentesters in the Slack channel.
- You may get questions from your pentesters. You can also elaborate on your requirements for the pentest.
  - You’ll get in-app and email notifications for each update from pentesters.
- As our pentesters analyze your asset, they’ll add updates frequently. If they discover vulnerabilities (“findings”), you can start remediating before the pentest is complete.
  (Screenshot: an example finding as discussed in a Slack pentest channel.)
  Note: As our pentesters share the vulnerabilities they find in “real-time,” you can start remediating your code before you see a pentest report.
- Once the pentest is complete, we move your pentest from Planned to Remediation.
- You can start assessing all discovered findings. In the Cobalt app, navigate to Pentests. Select your pentest, and navigate to the Findings tab. Review and analyze each finding. You can:
  - Fix the finding and submit it for retest
  - Mark the finding as Accepted Risk
- We keep the Slack channel open until you resolve all findings. A finding counts as resolved when it is in one of the following states:
  - Accepted Risk
  - Fixed
  Contact your Customer Success Manager (CSM) or support@cobalt.io if you need access to the archived Slack channel.
- If you’ve purchased a qualifying PtaaS tier, you can customize your pentest report. However, we report all findings. For more information, see Customize Your Pentest Report.
- Based on your Service Level Agreement, our pentesters then share a formal report. You’re welcome to download this sample test report (PDF) for a web app.
Our Pentest States page includes more information about each pentest state, including Draft, In Review, Planned, Remediation, and Closed.