What happens at each stage of the Cobalt pentest with timelines
Stage 1 - Preparation
In order to get a pentest started, you will need to submit a pentest and provide crucial information about the target(s) in scope by completing the pentest wizard. Communicating your rules of engagements, goals, and objectives is the foundation to a successful experience. You will need to prepare the environment or asset for the team (e.g. stand up staging environments, provide credentials, alert key stakeholders) before testing begins as well.
Key sections that need to be thoroughly completed are:
For step-by-step instructions on how to complete the wizard, review our 5 Steps to Create a Pentest guide.
Stage 2 - Testing
The standard testing period is 14 days. It may vary depending on the pentest scope and other factors. During this time, pentesters will be executing manual black/grey box testing and posting all findings in your pentest under the "Findings" tab in real-time. On the customers end, we ask that you have at least one person dedicated to answering any questions that may arise and assist with troubleshooting.
Stage 3 - Review Findings and Finalize Full Report (Cobalt)
After testing is complete, the pentest Lead will review all findings and write up a final report for use with your customers, prospects, or internal/external stakeholders. The report will be available on the platform two to three business days after testing concludes.
Automated Reports for Agile Pentests are system-generated.
Stage 4 - Remediation (Customer + Cobalt)
Once you've had a chance to review the findings, it's time to deploy a fix or accept the risk. If a finding is fixed, you can go into the finding and mark it "Ready for Retest." Cobalt will then go in and retest and change the status of the findings to "Fixed" if it's been remediated successfully. The status will automatically be updated in the full report in the Post-Test Remediation table.
You can also mark a finding as an "Accepted Risk" if it's not a risk and/or by design. If you'd like to add additional language to the final report on why you accepted a risk reach out to your CSM for assistance.
We recommend you perform remediations promptly in order to minimize any potential security incidents that may arise from the identified vulnerabilities.
Stage 5 - Complete
After all findings are remediated, we'll mark the pentest program as closed.