Pentest Types – Cobalt

Before creating a pentest, determine why you want to perform it and what results you expect.

We offer Agile and Comprehensive Pentests. Refer to the table below to learn the difference between them.

	Agile Pentest	Comprehensive Pentest
Definition	An Agile Pentest focuses on code changes or a specific area of an asset and comes with an Automated Report intended for internal use	A Comprehensive Pentest is performed for security audit, compliance audit, or customer attestation and includes comprehensive reports intended for external stakeholders
Credit Requirements¹	3 credits minimum, thereafter in increments of 1 credit	5 credits minimum, thereafter in increments of 1 credit
Pentest Scope	Specific part of an asset	Broad area of an asset
Use Cases	New release testing Delta testing Single OWASP category testing Exploitable vulnerability testing Microservice testing Internal security testing	Comprehensive security audit Compliance audit testing based on the frameworks such as SOC 2, ISO 27001, PCI-DSS, CREST, or HIPAA M&A due diligence Internal or third-party attestation request
Pentest Lead Assigned	No	Yes
Available Pentest Reports	Automated Report	Customer Letter Attestation Letter Attestation Report Full Report Full Report + Finding Details
Report Target Audience	Internal stakeholders	External stakeholders

¹ Pentests requiring more than 20 credits don’t get immediate credit confirmation. We’ll specify the number of required credits after reviewing the pentest.

You can change the type of your pentest before we move it to the Planned state. Select Edit on the pentest brief, and then select the type under Pentest Type.

Next Steps

Refer to the Getting Started guide to set up a pentest in four stages:

Define your assets.
Set pentest requirements.
Add pentest details.
Plan and scope the pentest.

Once the pentest is complete, you can download a pentest report to explore security issues that our pentesters found.

Next Steps

Related articles