NEW FEATURE
Cobalt PtaaS + DAST combines manual pentests and automated scanning for comprehensive application security.

Getting Started With Cobalt

Documentation for users new to pentesting their software with Cobalt’s Pentest as a Service (PtaaS) platform.

Hey everyone, Mike Jang from Cobalt here. I’m a Staff Technical Writer, and I’m announcing the release of our first product documentation, a Getting Started Guide.


When developers and security engineers look for solutions, they look for technical documentation. Our Getting Started Guide helps our readers visualize how to use Cobalt’s Pentest as a Service (PtaaS) platform to test their systems, in language that’s easy for developers.

You can use our Getting Started Guide to visualize every step of the process with Cobalt. It can help you create a wide variety of penetration tests (what we call pentests), and it includes a link to a complete sample pentest report (PDF).

It’ll help you collect the information that our pentesters need to identify any and (hopefully) all issues with your software and hardware.

We designed the Cobalt Getting Started Guide to help you visualize the “happy path” process for creating a pentest with Cobalt. It’ll help you see the variety of pentests that we support, no matter the size of your asset.

Written for Developers

I wrote the Getting Started Guide with the following people in mind:

  • The busy developer who is not trained in security
  • The engineering manager who wants to visualize the process, so they can estimate the time required to create, support, and digest the pentest results
  • Anyone who is new to Cobalt’s PtaaS Platform and wants a guide to creating a pentest

I hope our Getting Started Guide helps you visualize how you can create a pentest in minutes.

As with standard product technical documentation, I’ve kept the focus on technical details. The Getting Started Guide includes a glossary to help you understand the unique language of software security.

Our documentation is built on a GitHub repository. If you find a problem with our documentation, you’re welcome to submit an Issue or a Pull Request.

We hope to create more documentation soon. We’re considering:

  • Pentest Methodologies Guide
  • API Use Cases
  • Asset Scoping Guide
  • The Language of Security

As this is a preliminary list, we welcome your input. What additional information do you need to set up a pentest and analyze the results? We’d like to hear from you. You’re welcome to open an issue in our public GitHub documentation repository or contact us directly at docs@cobalt.io.

Bonus: Pentest Severity Levels

Along with the Getting Started Guide, we’ve now defined penetration test (pentest) severity levels that you can use to prioritize the vulnerabilities that we find in your software.

We’ve enhanced the OWASP Risk Rating Methodology with two additional levels to help you prioritize these vulnerabilities.

About Mike Jang
Mike’s a Staff Technical Writer at Cobalt who has written a number of books on (mostly) Linux. He’s a Red Hat Certified Engineer who worked as a Technical Writer focused on DevOps and Identity Management.