NEW FEATURE
Cobalt PtaaS + DAST combines manual pentests and automated scanning for comprehensive application security.

Credit Karma leverages Pentest as a Service to uplevel security

As a leader in personal finance, Credit Karma found quality talent and a fresh perspective on data security with Cobalt.

As a multinational personal finance company, Credit Karma provides free credit card scores, reports, and financial tips and tools to customers across the globe. Credit Karma hopes to become the financial tool for every individual — in order to do so, the company leveraged Cobalt’s Pentest as a Service platform to be fully secure.

Security is top of mind for most engineers, and Cobalt’s platform was very easily integrated into the Credit Karma ecosystem. Credit Karma explained the whole product to the Cobalt team, and Cobalt seamlessly communicated with researchers to find critical issues during the pentesting process.

Challenges

Outdated Methods

Getting a fresh perspective was difficult: over time, Credit Karma had grown used to a certain environment and a certain application, and its view of them became jaded.

Ineffective Talent

With the organizations Credit Karma used before Cobalt, consistently finding the right talent became burdensome and ineffective.

Limited Visibility

Credit Karma was looking for a complete view into not only potential vulnerabilities, but also the step-by-step pentesting process.

Results

Seamless Communication

Cobalt communicated seamlessly with researchers throughout the pentesting process to spot any critical issues at hand.

Fresh Perspective

What Credit Karma needed was a third party to come in and give a fresh perspective, and that’s where Cobalt stepped in.

Total Visibility of Pentest Results

Cobalt’s dashboard provided a complete overview of the entire application and scope of the pentest.

Another key aspect of Cobalt’s methodology that worked well for Credit Karma is the retest feature: the team clicks the retest button, the researcher comes in and does the retest, and it is complete without any wasted time.

Credit Karma agrees: It’s better to know about something before you go live rather than going live and then knowing about it. When a vulnerability was found, Cobalt pointed the engineering team directly to the issue so the team could go back to the drawing board.

“The dashboard is great because we get a whole overview of the entire application and scope of the Pentest, and it gives a bird's eye view of where we stand, which we can then present to top management.”

KUNAL BHATTACHARYA,

HEAD OF APPLICATION SECURITY, CREDIT KARMA