DevOps.com


“Pentest as a Service Impact Report: 2020” finds organizations are expanding pentesting scope and frequency

By: Deborah Schalm on May 6, 2020

Study finds that the top driver for pentesting has shifted from compliance and customer requirements to a desire to make applications and services more secure; organizations report pentesting for their entire application portfolio, with more frequent testing on critical apps


SAN FRANCISCO, May 06, 2020 (GLOBE NEWSWIRE) — Cobalt.io, the first Pentest as a Service (PtaaS) platform, today released findings from “Pentest as a Service Impact Report: 2020,” a new study that aims to unravel and understand the specific benefits and challenges of deploying a PtaaS solution in a modern software development environment, as well as compare the SaaS model with traditional, legacy pentest services. Conducted by Dr. Chenxi Wang, founder of Rain Capital, the study reveals that since 2017¹, there has been a noticeable shift toward application security as a top priority. Companies also report expanding the scope and frequency of pentesting, conducting testing for their entire application portfolio instead of only crown jewel or business-critical applications.

Key findings from the study include:

  • Application security is a top business priority. When asked about their company’s motivation for pentesting, organizations cited the desire to make their applications and services more secure as the top driver — a noticeable shift from 2017, when compliance and customer requirements were cited as the top drivers for pentesting.
  • Companies are expanding pentesting scopes and frequency. In 2020, companies report conducting pentesting for their entire application portfolio, with higher frequency testing on business-critical apps; whereas in 2017, companies were more inclined to conduct annual testing only for crown jewel applications.
  • PtaaS enables more agile testing and closer collaboration between security and development teams. In 2017, application security responsibility was viewed as managed exclusively by infosec. In 2020, organizations said they viewed it as a shared responsibility between infosec and development teams, a model that seeks to harmonize the goals of the two teams by rewarding development teams for completing appsec tasks while rewarding appsec teams for helping engineering release features securely.
  • PtaaS has a lower overhead than traditional, services-based pentesting. Testing that is both location-agnostic and horizontally scalable removes the geographic location bias involved in traditional pentesting services, a bias that results in delivery overhead. PtaaS also leads to better communication between security and development through the platform, which reduces the overhead caused by constant back and forth.

“To be successful in today’s digital economy, modern software companies must evolve quickly without compromising security,” said Caroline Wong, Chief Strategy Officer at Cobalt.io. “Pentest as a Service provides agile and scalable pentesting to identify and resolve security vulnerabilities across application portfolios in accordance with frequent software releases.”

“I am glad to see that many companies are prioritizing application security, which is one of the smartest ways to spend your security investments,” said Dr. Chenxi Wang, founder of Rain Capital. “This study shows how organizations, large and small, implement application security within the backdrop of DevOps and cloud native development. It’s not surprising to see pentesting as a critical element in modern application security initiatives.”

About Pentest as a Service Impact Report: 2020

The study was conducted by Dr. Chenxi Wang, founder of Rain Capital. In-depth interviews were conducted with Cobalt.io customers, which consist primarily of SaaS and enterprise software providers and represent both publicly held, global companies with thousands of employees and privately held, mid-sized companies with hundreds of employees. To see full findings, view the report here.

About Cobalt.io

Cobalt.io’s Pentest as a Service (PtaaS) platform transforms yesterday’s broken pentest model into a data-driven application security engine. Fueled by a global talent pool of certified pentesters, Cobalt.io’s platform delivers actionable results that empower agile teams to pinpoint, track, and remediate software vulnerabilities. Hundreds of organizations, including the new generation of software companies, now benefit from high-quality pentest findings, faster remediation times, and higher ROI for their pentest budget.

Visit cobalt.io to learn how Cobalt.io is securing apps for companies such as HubSpot, Palo Alto Networks, GoDaddy, Vonage, and Axel Springer, and join us on Twitter and LinkedIn.

¹ 2017 refers to a similar study conducted by Cobalt.io and Dr. Chenxi Wang. The objectives of that study were different, but we explored some of the same topics and compare the 2017 and 2020 responses throughout the 2020 report.
