Welcome to the renewed Cobalt Release Blog! This highlights improvements in our Pentest as a Service (PtaaS), as well as useful information and best practices from our product teams, engineers, and pentesters.
The Headline
In October, we released a new offering called Agile Pentesting. Agile Pentests are more targeted in scope, as they focus on a specific area of an asset, or a specific vulnerability across an asset. With Agile Pentesting, you can accelerate a secure build-to-release timeline and align pentesting closer to your SDLC. Use cases include:
- New release or feature testing
- Delta testing
- Exploitable vulnerability testing
- Single OWASP category testing
- Microservice testing
Learn more about the pentest types.
Agile Pentests require a minimum of 3 Cobalt credits. Each Agile Pentest includes an Automated Report that is designed for internal stakeholders.
Also in October:
For Customers
Improved Role Management
As an Organization Owner, you can now change roles right within the People page.
- Find the drop-down menu.
- Select the desired role.
- That’s it!
Upload Assets in Bulk
You can upload assets in bulk to the Cobalt platform using asset data stored in spreadsheets. This facilitates a single source of truth for pentesting. Learn more about creating assets or see Cobalt's platform firsthand with an on-demand PtaaS demo.
Webhooks UI
With webhooks, you can get real-time data on your pentests. To create and manage webhooks in the Cobalt app, navigate to the Integrations page > Webhooks.
We’ve documented the process in Get Pentest Updates with Webhooks.
New Partner Integrations: PlexTrac and anecdotes
CATEGORY: INTEGRATIONS
You can find help for integrating PlexTrac and anecdotes on the Integrations page.
- Add Cobalt pentest findings into PlexTrac reports to aggregate vulnerability data from other security tools.
- Integrate findings into the anecdotes.ai compliance operating system.
For Pentesters
Vulnerability Detector
CATEGORY: PENTESTER TOOLS
You can now scan assets for vulnerabilities with our Vulnerability Detector, powered by Nuclei. The tool runs automatic checks for findings. You can spot potential findings right in the platform faster, without having to detect them manually.
Email Notifications Improvements
CATEGORY: NOTIFICATIONS
When someone changes the state of a finding, you’ll receive an email notification with the username of the person who made the change.
Search Results
CATEGORY: EXPERIENCE
When you search for something in the Vulnerability Type or Organizations list, search results no longer appear truncated at the beginning.
Best Practices for Developers
Cobalt supports better practices in code. Based on their experience, our pentesters have shared best practices for writing code in several areas: