Findings

Review and remediate findings that our pentesters discover.

A finding is a vulnerability that a pentester reports during a pentest. For each finding, pentesters describe the vulnerability and provide recommendations on how to fix it.

Once your pentest goes Live, our pentesters start testing your asset. You get updates from pentesters in a dedicated Slack channel and in the Pentester Updates sidebar.

View Findings

To view findings for your pentest, on the pentest page, navigate to the Findings tab.


On the Findings tab, you can view a summary of findings for your pentest, including:

  • Finding state
  • Finding summary
  • Severity level
    • Hover over the label to view the likelihood and business impact.
  • Labels or custom reference, if applied
  • Link to external issue on GitHub and/or in Jira, if applied
    • The availability of this feature is based on your PtaaS tier.
  • Number of comments from pentesters and pentest collaborators

Filter, Sort, and Download Findings

On the Findings tab, you can:

  • Filter findings by the following parameters:
    • Finding state
    • Severity level
    • Type of vulnerability, from criteria such as the OWASP Top 10 list
    • Assignee, if pentesters or someone from your organization assigned the finding
    • Label, if pentesters or someone from your organization applied a label
  • Sort findings by:
    • Time reported
    • Criticality level
    • Activity related to the finding
  • Download findings in a CSV file based on applied filters

Remediate Findings

Learn how to submit a finding for retest or accept it.

Finding States

Learn what finding states mean.

Severity Levels

Learn what finding severity levels mean.





Last modified April.04.2023