Cobalt PtaaS Tiers

Learn more about our pricing packages, also known as PtaaS tiers.

We offer three PtaaS tiers to best suit your budget and testing goals.

To get started, check our pricing model, and select a plan that matches your testing expectations and business needs.

  • Standard: For teams in need of a speedy, annual pentest to meet a compliance need or client request
  • Premium: For teams looking to build a structured pentest program to meet compliance needs and improve overall security
  • Enterprise: For teams looking to scale their pentest programs to meet compliance needs, increase testing frequency, and improve overall security

Offering Details

The availability of some features in the Cobalt platform depends on the PtaaS tier that your organization purchased. Refer to the table below to learn more about our offerings.

Offering | Tier | Description
Self-service platform with Google OAuth 2.0 and two-factor authentication | All | Users can sign in with a username and password or through Google authentication. An Organization Owner can enforce two-factor authentication for their organization to add an extra layer of security to user accounts.
SAML-based SSO | All | An Organization Owner can configure SAML-based SSO for their organization to enhance the security of the sign-in process.
Best practice methodology and coverage checklist | All | Our pentesters use pentest methodologies that are recognized as best practices in the security industry. They follow a coverage checklist based on OWASP standards to test your assets.
Detailed findings with recommended fixes | All | When our pentesters find a vulnerability in your asset during a pentest, they submit findings and provide recommendations on how to fix them.
Real-time collaboration via Slack and the platform | All | You get real-time updates from pentesters as they're testing your asset, both in a dedicated Slack channel and in the Cobalt platform. You can promptly follow up on the issues they reported.
Cobalt API | All | Use the Cobalt RESTful API to integrate pentest data into your development and application security tools. Build your own integrations to streamline your workflows.
Start pentest within | Depends on the tier | The pentest start time is based on your PtaaS tier and depends on when you've submitted all the required information for your pentest. We move the pentest to Planned and allocate pentesters, and they start testing your asset within the following timeframes:
  • Standard tier: 3 business days
  • Premium tier: 2 business days
  • Enterprise tier: 1 business day
Free retesting duration | Depends on the tier | Free retesting duration for your pentest findings depends on your PtaaS tier:
  • Standard tier: 6 months
  • Premium and Enterprise tiers: 12 months
The timeline for retesting starts after your pentest end date within an active contract. Mark your findings as Ready for Retest at least 10 days before your contract ends.
Customer Success Team | Depends on the tier | Our Customer Success Team includes a Customer Success Manager (CSM) and a Pentest Architect. We'll onboard you to the Cobalt platform and support you during the pentest process.
  • Standard tier: A pool of CSMs provides support through email when you need help.
  • Premium and Enterprise tiers: You get a named CSM.
Native integrations (Jira, GitHub) | Premium, Enterprise | Synchronize Cobalt findings with Jira tickets bi-directionally (Cloud and Server). Push Cobalt findings as issues to GitHub (Cloud only).
Customizable reports | Premium, Enterprise | Customize the contents of pentest reports.
Onboarding | Premium, Enterprise | Onboarding includes CSM-led calls in which your team and Cobalt align on the primary points of contact, success plans, and an inventory of your assets. In addition, a Cobalt Sales Engineer provides a comprehensive demo of the Cobalt platform, along with technical guidance on how to set up your first pentest.
  • Premium tier: onboarding for up to 2 teams
  • Enterprise tier: onboarding for all teams
Strategic planning | Premium, Enterprise | We help you build and plan a test strategy for your assets on a regular basis:
  • Premium tier: annually
  • Enterprise tier: quarterly
Your CSM arranges a meeting to better understand your security needs and asset criticality and draft an appropriate pentest schedule.
Quarterly maturity assessment | Enterprise | Your CSM helps you take your pentesting program to the next level using objective scoring and concrete guidance. Our assessments are based on the Cobalt maturity framework that leverages data from more than 1,000 of our customers.
Dedicated pentester region or time zone | Enterprise | We work with you to understand the region and time zone you need for your pentesters and identify pentesters from our community in those regions or time zones. Dedicated pentester regions or time zones may have an impact on the time it takes to start a pentest. This does not mean that we support data localization, as required by some countries.
Credit rollover | Enterprise | At the end of your calendar year of purchase, we'll roll over up to 10% of your remaining credits to the next calendar year. Contact your CSM for more details.

View Your Organization’s Tier

As an Organization Owner or Member, you can view your organization’s tier on the Credits page. In the UI, it appears as Subscription Plan.

  • For some organizations, we don’t show their subscription plan on the Credits page.

[Figure: View your organization’s tier on the Credits page]

Upgrade Your Plan

To upgrade your PtaaS tier, contact your Customer Success Manager or

Last modified November.11.2022