NEW FEATURE
Cobalt PtaaS + DAST combines manual pentests and automated scanning for comprehensive applications security.
NEW FEATURE
Cobalt PtaaS + DAST combines manual pentests and automated scanning for comprehensive applications security.

How MuleSoft fixes vulnerabilities faster with deeper engineering engagement

MuleSoft protects terabytes of information flowing through their API management platform.

Acquired by Salesforce in 2018 for $6.5 billion, MuleSoft offers a leading API management and integrations platform that enables businesses to flexibly build application networks. With customers like Coca-Cola, Airbnb, and AT&T, MuleSoft processes terabytes of customer data that must stay protected. Pentests are a part of the team’s vulnerability management program, where the core objective is to identify potential weaknesses and address them as quickly as possible.

To be agile and responsive, MuleSoft’s engineering team prefers to work directly with the testers. Cobalt’s Pentest as a Service platform brings both parties together to collaborate, prioritize, and remediate.

 

 

Challenges

Slow Scheduling

Traditional pentest vendors did not offer the flexibility MuleSoft’s engineers needed to validate the security of their new releases.

Working in Silos

Engineers would get findings dropped on them with no option to reach out with questions on severity, priorities, or fixes.

Poor Past Pentest Experience

Workflows with traditional vendors did not align with the engineering team’s need for agility and simplicity.

Results

Flexibility and Speed

Cobalt’s on-demand pentests empower MuleSoft to both plan ahead and be flexible whenever they need to course correct.

Collaborative Workflows

MuleSoft’s engineers and Cobalt’s pentesters act as one team, defining priorities and addressing flaws as soon as they are found.

Simple Onboarding

Intuitive navigation and easy setup make it easy for the engineering team to get onboarded and go through findings.

The challenge with traditional penetration testing is that oftentimes it takes months to set up an engagement. With Cobalt, you can have a pentest up and running within 24 hours, providing easier and more flexible planning.

In order to maintain security, the MuleSoft team leverages pentesting to identify and address potential weaknesses in a product. For Mulesoft, a successful pentest means having a higher level of engagement and collaboration between his engineering team and the pentesters. With Cobalt’s Pentest as a Service platform, the two teams can work directly together, and as a result, start fixing findings as soon as they are discovered.

Speed, people, and guidance: this is what MuleSoft needed to further its engineering team’s involvement with product security. The Cobalt platform brings all three, providing skilled pentest talent that works directly with the engineers.

Whether to ask questions about best practices or define remediation priorities, MuleSoft’s team can rely on the testers to support them. This transformed the remediation process, encouraging engineers to become more engaged and thorough.

In addition to augmenting MuleSoft’s team, Cobalt empowers it to both think ahead and be flexible. For example, on-demand testing and simple setup enable them to plan tests for new product releases, but also have the option to adjust their program short notice with no added stress or red tape.

“We have the flexibility to change plans, and choose the type of engagement that we want to execute. To me, Cobalt is a pentest company that connects me to the best pentest talent.”

SERGEY STELMAKH,

PLATFORM SECURITY ARCHITECT

“What my engineering team liked about this engagement is they had an opportunity to discuss issues with pentesters and review priorities together. It was a collaborative process. ”

SERGEY STELMAKH,

PLATFORM SECURITY ARCHITECT