NEW FEATURE
Cobalt PtaaS + DAST combines manual pentests and automated scanning for comprehensive application security.

Why Solarisbank Values Agile Pentesting

Solarisbank keeps its Banking as a Service platform secure with Cobalt’s efficient pentesting and reporting process. 

Solarisbank is an innovative technology-first company that offers Banking-as-a-Service to customers, enabling them to integrate financial services into their products. They take care of the technical and regulatory complexities of banking, and leverage Cobalt’s Pentest as a Service platform to maintain compliance and customer confidence.

Pentesting is a regulatory obligation, a requirement by different stakeholders, and a fundamental part of Solarisbank’s secure Systems Development Lifecycle (SDLC). When starting the pentesting process with Cobalt, Solarisbank found the preparation itself very straightforward and structured, which also let them set up the test in a short timeframe.

 

Challenges

Undiscovered Vulnerabilities

Solarisbank needed a team of pentesters to quickly spot vulnerabilities to ensure customer data security through their Banking-as-a-Service platform.

Keeping Data Secure

Security is not only a regulatory requirement for Solarisbank, but it's also fundamental for business success.

Vague Reporting

Solarisbank was seeking transparent and detailed reporting to pinpoint security vulnerabilities and know exactly where to begin remediation.

Results

Detailed Findings

The description of each finding from Cobalt is very detailed, so Solarisbank has a total view of the steps the pentesters used to discover a vulnerability.

Transparent Testing

Cobalt is fully transparent throughout the pentesting process, and Solarisbank has the ability to steer the testers in the direction they want.

Professional Reporting

Solarisbank receives very professional reporting from Cobalt, and the team can generate reports with different levels of detail.

Through efficient communication and research from the start, pentesters gain all the information they need about the product before the test, and Solarisbank found this process produced better results. Throughout the pentesting process, Solarisbank is notified of each finding from the pentesters and can then directly assign it to their developers.

The descriptions of findings are highly detailed and include the steps the pentesters used to exploit a vulnerability. Cobalt also provides screenshot documentation that Solarisbank can give directly to the developers, so they can understand exactly what the pentesters did and work on mitigation.

“With the Cobalt platform, we could enter all the necessary information for the testers. Before we actually started the test, we had a tech session with the pentesters to really show them our product, how it works, and also guide them to the necessary information.”

GUIDO REISMÜLLER,

INFORMATION SECURITY TEAM LEADER

“The trust that Solarisbank customers have is very important for us, and therefore, they wanted to ensure that their services are secure.”
 

GUIDO REISMÜLLER,

INFORMATION SECURITY TEAM LEADER