Cobalt, the pioneer of Pentest as a Service (PtaaS), is excited to announce the general availability of dynamic application security testing (DAST) in the Cobalt platform. Combining the power of PtaaS with the agility of DAST empowers security and development teams with a more comprehensive solution for assessing and mitigating application-based risk.
The complexity of today's applications, paired with the persistent targeting of web applications by attackers, makes it more imperative than ever to ensure proper security controls and standards for applications and APIs. Traditional security assessment methods often fall short in providing ongoing, real-time insight, leading to potential blind spots or trailing remediation.
Integrating PtaaS and DAST addresses this challenge by enabling our customers to achieve continuous-yet-scalable security testing. Our DAST scan engine is available to customers in a fully self-service capacity, so they can run scans and access results on demand. The outcome? Improved insight with real-time analysis, accurate identification of vulnerabilities, and quicker validation of vulnerabilities.
How DAST Enables Continuous Risk Reduction in Applications
Increased Visibility
DAST explores every corner of users' web applications, ensuring ultimate coverage for a thorough and reliable security assessment. DAST can identify vulnerabilities not apparent in static analysis, offering dynamic visibility into runtime behavior and potential security weaknesses. Additionally, the findings from a DAST scan indicate the prioritization of vulnerabilities for remediation, so teams know where to focus their efforts and attention.
Quality Results
Cobalt DAST has a near-zero false positive rate. Every detected vulnerability should be perceived as a genuine security gap or exposure that demands attention, and comes with actionable guidance for mitigating that risk. Over time, you’ll reduce your application-based attack surface, uplevel your application security testing program, and improve your compliance & regulatory posture.
Comprehensive Scalability
Automated scanning with Cobalt DAST can integrate into existing software development lifecycle (SDLC) and continuous integration/continuous deployment (CI/CD) pipelines, minimizing disruption to daily operations and ongoing innovation. By incorporating security into the development process, enterprises can identify and remediate vulnerabilities earlier in the lifecycle, reducing the cost and time associated with fixing issues in later stages.
How to Start Scanning Apps with Cobalt DAST in 3 Simple Steps
STEP 1: Create, manage, and initiate or schedule scans for your targets.
Easily add targets for scanning. A target is the URL of a web application or website that defines the scope of your DAST scan. Scanning can be performed on an ad-hoc basis, or scheduled for more repeatable, regular testing.
Start adding targets today — all Cobalt PtaaS customers receive 1 complimentary target for DAST scanning.
STEP 2: See your complete scan history, and take action on any discovered vulnerabilities.
Cobalt DAST is available entirely self-service, enabling on-demand access to scanning and findings. This empowers teams to take action on discovered risks quickly, before they can be exploited.
Additionally, summary and compliance reports are available for download as soon as scans are completed.
STEP 3: See and manage scheduled scans for your targets.
Cobalt DAST enables scan scheduling so you can plan ahead for assets that require periodic, iterative testing. In this view, you can quickly understand the scanning cadence currently planned for your application testing program.
Conclusion
Cobalt is empowering security and development teams with more comprehensive and scalable ways to tackle application risk. Starting today, all Cobalt customers with a PtaaS subscription will receive one complimentary target for DAST scanning.
To get started with Cobalt, learn more about our full portfolio of application security solutions.
For Cobalt PtaaS customers looking to add DAST scanning for multiple targets, reach out to your Customer Success Manager.