When are we launching Agile Pentesting?
On October 3rd, customers can kick off an Agile Pentest with a minimum of 3 credits.
What does the “launch” actually entail?
With the launch of Agile Pentesting, customers can purchase pentests as small as 3 credits. This unlocks more flexibility and more use cases. Note: Customers will not be able to start an agile pentest until October 3.
The report is one of the key differentiators at launch between a Comprehensive and an Agile Pentest.
- Comprehensive has a 5 credit minimum and always comes with a comprehensive report
- Agile has a 3 credit minimum and always comes with an automated report
Who gets assigned an Agile Pentest?
You do not need to be a lead to be assigned an agile test, but you must be in good standing with Cobalt.
What’s changing from a product perspective?
- Capacity settings: Max monthly capacity will be set in expected effort rather than pentests
- Payments: The payment amount will be determined by the total number of credits worked
What is NOT changing from a product perspective?
- Reporting: For comprehensive tests, the reporting process will be the same. For agile pentesting, the report will be automatically generated and will not require additional work from you.
- Staffing process: Tests will still be staffed based on the number of credits of each pentest
- Bidding process: You can still auto-bid and manually bid on tests just as you do now
What does this mean for retests?
You are still required to complete retest requests as necessary.
Questions from Office Hours 08/25:
If an Agile Pentest is completed faster than expected (before the 14 days of a typical test), will I be able to sign up for a new test?
You don’t have to use the full 14 days to take the test. If you can deliver it sooner than 14 days, that test will go to remediation and you will be able to be staffed on other engagements. As a team, you’ll need to agree on the testing timeframe to complete the test during the 14-day window.
With the shorter expected effort/testing scope, do we still need to provide 4 team updates?
The team updates are one of the things our customers value the most. It is not just about the number of times you update but the quality of the communication. Please continue to communicate on agile pentests.
Will payments remain the same for the tester and leads?
Yes, the leads and the tester payout remain the same at this point in time.
Will scoping change for agile pentesting?
At this time, we are not changing how we scope. However, it is critical that you notify us every time you notice an error in the scope so we can continue to improve our process and make adjustments to a test as needed.
If I sign up for two smaller pentests at a given time, will I still get more pentests? Previously, we were limited to 2-3 standard pentests at a time (64 hrs/2 weeks). Can I expect to get assigned to multiple smaller pentests (3-4) to match the time I am available for, i.e. 64 hours per 2 weeks or so?
Our goal is to keep you working in the previous/current capacity. Please keep in mind that the set Capacity is information the Cobalt teams use as a consideration when staffing to be sure pentesters aren't being overloaded/underloaded - but it's not a programmatic assignment, so no hard limits are set within the band you choose.