The information included in this report is summary data from the pentesting performed in 2018. Additionally, we provide survey data from respondents in security, management, operations, DevOps, product, and developer roles. (more available)

The State of Pentesting: 2020 report assesses which web application security vulnerabilities can be found reliably using machines and which require human expertise to manually identify. (more available)

The State of Pentesting 2022 Report focuses on issues and stats that are relevant to both security and development teams: to separate these two inextricably linked groups would only yield a partial picture of the security landscape. (more available)

This annual report covers data from 1,602 penetration tests conducted in 2020 as well as survey information from 601 firms in the pursuit of understanding secure development, vulnerability remediation, and opportunities for process improvements. (more available)

As software proliferates and DevOps takes hold, we conducted this study to understand the impact of utilizing Pentest as a Service (PtaaS) vs. (more available)

Here at Cobalt, we’ve done over 350 penetration tests to date. The information included in this report (Time to Fix, Vulnerability Types, Findings Criticality, Issues Fixed) is summary data from all of the penetration tests performed in 2017. (more available)