NEW FEATURE
Cobalt PtaaS + DAST combines manual pentests and automated scanning for comprehensive applications security.
NEW FEATURE
Cobalt PtaaS + DAST combines manual pentests and automated scanning for comprehensive applications security.

The State of Pentesting 2022

Benchmark your application security against stats from over 2,300 pentests.

Development Teams
Understand security
  • Detailed breakdowns of the most common flaws in 2021, with notes on how to fix and prevent them in future code.
Lacking manpower
  • The numbers behind feature launch delays, why code quality is at risk, and why devs are pushed to de-prioritize security.
Security Teams
Address vulnerabilities
  • Stats on the most prevalent vulnerabilities, how teams manage risk, and what gets fixed.
Focus on talent
  • The numbers on how talent shortages weaken security and how teams can respond.
Development Teams
Understand security
  • Detailed breakdowns of the most common flaws in 2021, with notes on how to fix and prevent them in future code.
Lacking manpower
  • The numbers behind feature launch delays, why code quality is at risk, and why devs are pushed to de-prioritize security.
Security Teams
Address vulnerabilities
  • Stats on the most prevalent vulnerabilities, how teams manage risk, and what gets fixed.
Focus on talent
  • The numbers on how talent shortages weaken security and how teams can respond.

Top findings for 2021

Risk distribution

Cobalt-State of Pentesting-Risk-Remediation-Informational
Risk Level: Informational

Notes vulnerabilities of minimal risk to your business.

Cobalt-State of Pentesting-Risk-Remediation-Low
Risk Level: Low

Specifies common vulnerabilities with minimal impact on their own, but dangerous if successfully chained.

Cobalt-State of Pentesting-Risk-Remediation-Medium
Risk Level: Medium

Vulnerabilities that are
“Medium risk <> Medium impact,” “Low risk <> High impact,” or “High risk <> Low impact.”

Cobalt-State of Pentesting-Risk-Remediation-High
Risk Level: High

Impacts the security of your application platform/hardware, including supporting systems. Includes high probability vulnerabilities with a high business impact.

Cobalt-State of Pentesting-Risk-Remediation-Critical
Risk Level: Critical

Includes vulnerabilities such as administrative access, remote code execution, financial theft, and more.

Cobalt-State of Pentesting-Risk-Remediation-Informational-Mobile
Risk Level: Informational

Notes vulnerabilities of minimal risk to your business.

Cobalt-State of Pentesting-Risk-Remediation-Low-Mobile
Risk Level: Low

Specifies common vulnerabilities with minimal impact on their own, but dangerous if successfully chained.

Cobalt-State of Pentesting-Risk-Remediation-Medium-Mobile
Risk Level: Medium

Vulnerabilities that are “Medium ri sk <> Medium impact,” “Low risk <> High impact,” or “High risk <> Low impact.”

Cobalt-State of Pentesting-Risk-Remediation-High-Mobile
Risk Level: High

Impacts the security of your application platform/hardware, including supporting systems. Includes high probability vulnerabilities with a high business impact.

Cobalt-State of Pentesting-Risk-Remediation-Critical-Mobile
Risk Level: Critical

Includes vulnerabilities such as administrative access, remote code execution, financial theft, and more.

Security teams

Cobalt-State of Pentesting-Security Teams-Q1
QUESTION:

Is your security team dealing with talent shortages?

Cobalt-State of Pentesting-Security Teams-Q2
QUESTION:

Is it harder to monitor for vulnerabilities?

Cobalt-State of Pentesting-Security Teams-Q3
QUESTION:

Is it harder to monitor for and respond to detected incidents?

Cobalt-State of Pentesting-Security Teams-Q4
QUESTION:

Do critical vulnerabilities get patched more slowly?

Cobalt-State of Pentesting-Security Teams-Q5
QUESTION:

Do these challenges make you want to leave your job?

Cobalt-State of Pentesting-Security Teams-Q1-Mobile
QUESTION:

Is your security team dealing with talent shortages?

Cobalt-State of Pentesting-Security Teams-Q2-Mobile
QUESTION:

Is it harder to monitor for vulnerabilities?

Cobalt-State of Pentesting-Security Teams-Q3-Mobile
QUESTION:

Is it harder to monitor for and respond to detected incidents?

Cobalt-State of Pentesting-Security Teams-Q4-Mobile
QUESTION:

Do critical vulnerabilities get patched more slowly?

Cobalt-State of Pentesting-Security Teams-Q5-Mobile
QUESTION:

Do these challenges make you want to leave your job?


Development teams

Cobalt-State of Pentesting-Development Teams-Q1
QUESTION:

Is your development team dealing with talent shortages?

Cobalt-State of Pentesting-Development Teams-Q2
QUESTION:

Are talent shortages keeping you from adhering to code quality standards?

Cobalt-State of Pentesting-Development Teams-Q3
QUESTION:

Are you struggling to meet critical feature launch deadlines?

Cobalt-State of Pentesting-Development Teams-Q4
QUESTION:

Do talent shortages compromise the security of your code?

Cobalt-State of Pentesting-Development Teams-Q5
QUESTION:

Do these challenges make you want to leave your job?

Cobalt-State of Pentesting-Development Teams-Q1-Mobile
QUESTION:

Is your development team dealing with talent shortages?

Cobalt-State of Pentesting-Development Teams-Q2-Mobile
QUESTION:

Are talent shortages keeping you from adhering to code quality standards?

Cobalt-State of Pentesting-Development Teams-Q3-Mobile
QUESTION:

Are you struggling to meet critical feature launch deadlines?

Cobalt-State of Pentesting-Development Teams-Q4-Mobile
QUESTION:

Do talent shortages compromise the security of your code?

Cobalt-State of Pentesting-Development Teams-Q5-Mobile
QUESTION:

Do these challenges make you want to leave your job?

Download the report for the full picture

What you’ll learn

  • Technical breakdowns on how to find, fix, and prevent common security flaws
  • How teams handle vulnerabilities with different risk levels
  • The biggest talent gaps in security and development and their impact
  • What teams can do to nurture and retain their talent
Cobalt-State of Pentesting-State of Pentesting Book 2022-1
Cobalt-State of Pentesting-State of Pentesting Book 2022-2
Cobalt-State of Pentesting-State of Pentesting Book 2022-3
Cobalt-State of Pentesting-State of Pentesting Book 2022-4
Cobalt-State of Pentesting-State of Pentesting Book 2022-5