Skip to main content

How long does the pentest take? What are the stages?

Marcy Bartlett
  • Updated

What happens at each stage of the Cobalt pentest with timelines

 

Stage 1 - Preparation

In order to get a pentest started, you will need to submit a pentest and provide crucial information about the target(s) in scope by completing the pentest wizard. Communicating your rules of engagements, goals, and objectives is the foundation to a successful experience. You will need to prepare the environment or asset for the team (e.g. stand up staging environments, provide credentials, alert key stakeholders) before testing begins as well.

 

Key sections that need to be thoroughly completed are:

  • Objectives
  • Details

For step by step instructions on how to complete the wizard, review our 5 Steps to Create a Pentest guide.

 

Stage 2 - Testing

Typically we conduct a two-week focused pentest on your web apps, mobile apps, APIs, cloud configurations, external networks, and/or internal networks. During this time, pentesters will be executing manual black/grey box testing and posting all findings in your pentest under the "Findings" tab in real-time. On the customers end, we ask that you have at least one person dedicated to answering any questions that may arise and assist with troubleshooting.

 

Stage 3 - Review Findings and Finalize Full Report (Cobalt)

After testing is complete, the pentest Lead will review all findings and write up a final report for use with your customers, prospects, or internal/external stakeholders. The report will be available on the platform two to three business days after testing concludes.

 

Stage 4 - Remediation (Customer + Cobalt)

Once you've had a chance to review the findings, it's time to deploy a fix or accept the risk. If a finding is fixed, you can go into the finding and mark it "Ready for re-test." Cobalt will then go in and re-test and change the status of the findings to "Fixed" if it's been remediated successfully. The status will automatically be updated in the full report in the Post-Test Remediation table.

 

You can also mark a finding as an "Accepted Risk" if it's not a risk and/or by design. If you'd like to add additional language to the final report on why you accepted a risk reach out to your CSM for assistance.

 

We recommend you perform remediations promptly in order to minimize any potential security incidents that may arise from the identified vulnerabilities.

 

Stage 5 - Complete

After all findings are remediated, we'll mark the pentest program as closed.

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk