
The State of Pentesting: 2020

“The State of Pentesting: 2020” assesses which web application security vulnerabilities can be found reliably using machines and which require human expertise to manually identify. The scope of this exploration is black-box penetration testing (“humans”) against dynamic scanning and out-of-band testing (“machines”) for web applications.

Now in its fourth year, “The State of Pentesting: 2020” explores the state of application security. Written by Caroline Wong, Chief Security Strategist, and Vanessa Sauter, Security Strategy Analyst, the report assesses which web application security vulnerabilities can be found reliably using machines and which require human expertise to manually identify. It also includes insights from a survey of more than 100 practitioners in security, development, operations, and product roles, as well as 1,200+ pentests conducted through our Pentest as a Service (PtaaS) platform.

What are the learnings?

  • How application security methodologies are evolving as software development accelerates
  • Which web application security vulnerabilities can be found reliably using machines and which require human expertise to manually identify
  • The most common types of vulnerabilities based on 1,200+ pentests conducted through the Cobalt Pentest as a Service (PtaaS) platform
