Demo
Learn how Cobalt’s Pentest as a Service (PtaaS) model makes you faster, better, and more efficient.
Demo
Learn how Cobalt’s Pentest as a Service (PtaaS) model makes you faster, better, and more efficient.

The State of Pentesting 2020

The State of Pentesting 2020 Finds Strong Relationship Between Security and Engineering
Jun 8, 2020
Est Read Time: 1 min
Caroline Wong

Today, we released the results of the fourth annual “The State of Pentesting” report, which features insights from more than 1,200 pentests conducted in 2019 through our Pentest as a Service (PtaaS) platform and analysis from more than 100 security practitioners who participated in our application security survey.

This year, we also investigated what web application vulnerabilities can be found reliably through dynamic and out-of-band scannings (“machines”) and which require human expertise to manually identify through black-box penetration testing (“humans”). The report is intended to help security practitioners strategize resource allocation and ascertain value in a results-driven market.

Among the key report takeaways, we observed application security methodologies and tactics are adapting quickly to accommodate DevOps:

  • More than one-third (37%) of security practitioners stated their companies release code weekly or daily. It’s unsurprising that they are now pentesting more often, with more than half (57%) pentesting at least quarterly.

  • Misconfiguration leads our top vulnerabilities list for the fourth year in a row, while issues in session management and access control remain consistent issues

  • Dynamic and out-of-band scanning technologies are improving in scope and quality, requiring pentesters to apply system knowledge to find design-level vulnerabilities that machines will miss

We hope this report helps you think strategically about how you invest your application security budget.

Click the following link to download The State of Pentesting 2020 report or access the newest report here: The State of Pentesting 2022.
Back to Blog
About Caroline Wong
Caroline Wong is an infosec community advocate who has authored two cybersecurity books including Security Metrics: A Beginner’s Guide and The PtaaS Book. When she isn’t hosting the Humans of Infosec podcast, speaking at dozens of infosec conferences each year, working on her LinkedIn Learning coursework, and of course evangelizing Pentesting as a Service for the masses or pushing for more women in tech, Caroline focuses on her role as Chief Strategy Officer at Cobalt, a fully remote cybersecurity company with a mission to modernize traditional pentesting via a SaaS platform coupled with an exclusive community of vetted, highly skilled testers. More By Caroline Wong

Related resources

Gartner Names Cobalt in Report on DevSecOps Tools for Secure Software Delivery
Gartner's recent report “How to Select DevSecOps Tools for Secure Software Delivery” gives a birds-eye view of the technology landscape, emphasizing the benefits to integrating developer-friendly tools into DevOps pipelines. In a section of the report titled “Preproduction and Release Phases” Gartner name-drops Cobalt as a representative penetration testing vendor.
Modernizing Pentesting
Blog
Mar 15, 2023
Read more
How to Evaluate Vulnerability Reports
Modernizing Pentesting
Blog
Mar 18, 2014
Read more
Faster and Cost-effective: How Pentest as a Service (PtaaS) Stacks Up Against Consultancies
Modernizing Pentesting
Blog
Nov 2, 2021
Read more
see more

Never miss a story

Stay updated about Cobalt news as it happens

Flying Bug Image