The Pen Testing as a Service model combines data, technology, and talent to resolve security challenges for modern web applications, mobile applications, and APIs. This approach applies a SaaS security platform to pen testing in order to enhance workflow efficiencies.
Key roles in this process include:
- Customer: Security and engineering teams using Cobalt services
- Cobalt SecOps Team: Schedules, manages, and facilitates the pen test process
- Cobalt Core Lead: Facilitates conversation between Pen Test Team and Customer
- Cobalt Core Domain Experts: Bring specialized skill sets matched to the Customer’s technology stack
- Cobalt Customer Success Team: Works closely with the customer to kick-off the test and address feedback
All 6 phases of Pen Testing as a Service, as visualized in the infographic above, happen in the cloud on the Cobalt platform and Slack channel.
Phase 1. Preparation
For more information about the Preparation phase, check out 4 Tips for Preparing for a Pen Test.
Phase 2. Kick Off
For more information about this phase, check out 4 Tips to Successfully Kick Off a Pen Test.
Phase 3. Testing
As the Pen Test Team conducts testing, the Cobalt Core Lead ensures depth of coverage and communicates with the Customer as needed via the platform and Slack channel. This is also where the true creative power of the Cobalt Core Domain Experts comes into play.
For more information about this phase, check out 4 Tips for Keeping a Pen Test Methodology Successful.
Phase 4. Reporting
The report is not static; it’s a living document that is updated as changes are made (see Re-Testing in Phase 5).
For more information about this phase, check out 4 Tips for Making the Most of a Pen Test Report.
Phase 5. Re-Testing
For more information about this phase, check out Best Practices for Verifying Vuln Fixes.
Phase 6. Feedback
Once testing is complete, the report has been delivered to the Customer, and remediation is under way, Cobalt’s Customer Success Team reaches out to the Customer for feedback. Customers initially provide feedback through a five-question survey that allows them to rate the overall process, the findings, and the full report.
During a scheduled feedback call, Customers dive deeper into their survey responses as needed and align with the Cobalt Customer Success Team on action items and expectations going forward. This feedback helps the Cobalt team keep improving the process for upcoming tests and shapes the platform product roadmap.
For more information about this phase, check out 3 Key Factors for Improving a Pen Test.
Concluding Remarks
Without applying a lifecycle approach to a Pen Test Program, an organization is doomed to treat security as a point-in-time project rather than a continuous function. By its nature, a project has a start and end date. When the project is complete, everyone moves on to the next thing.
It’s important to treat a Pen Test Program as an ongoing process. Phase 6, Feedback, should always lead into the preparation for the next pen test, whether it’s happening the following week, month, quarter, or year.
Sign up here for a demo of Cobalt’s Pen Testing as a Service.