SecPortal vs Cobalt
your own testers, your own platform
Cobalt is a pentest as a service (PTaaS) marketplace that supplies the testers, the platform, and the report. SecPortal is the platform you run with your own testers (or your own consultancy) so the engagement, the findings, and the client relationship stay yours.
No credit card required. Free plan available forever.
| Feature | SecPortal | Cobalt |
|---|---|---|
| You bring your own testers | ||
| White-labelled client portal on your subdomain | ||
| Branded reports under your firm name | Limited | |
| Built-in vulnerability scanning (33+ modules) | ||
| External domain scanning (16 modules) | ||
| Authenticated web scanning (17 modules) | ||
| Code scanning (SAST/SCA) | ||
| AI-powered report generation | ||
| Engagement management (scope, ROE, deliverables) | ||
| Findings tracking with CVSS 3.1 vectors | ||
| Retest workflow paired to original finding | ||
| Compliance framework templates (17 frameworks) | Limited | |
| Integrated invoicing and Stripe payments | ||
| Free plan available | ||
| Transparent pricing without sales call | ||
| Setup time | 2 minutes | Sales-led onboarding |
| Engagement model | You run the test | Marketplace of testers |
| Best fit for | Pentest firms, MSSPs, in-house teams | Buyers outsourcing the entire test |
SecPortal vs Cobalt: pentest as a service vs your own pentest platform
Cobalt is one of the most recognised names in pentest as a service (PTaaS). The marketplace model bundles three things: the testers, the platform that hosts the engagement, and the report at the end. For a buyer that wants to outsource the entire penetration test from procurement through deliverable, that bundle is convenient.
SecPortal is a different category. SecPortal is the pentest delivery platform you run with your own testers, whether that is your consultancy bench, your MSSP team, or your in-house security function. The engagement, the findings, the report, the client portal, and the invoice all sit inside a workspace branded to your firm. The relationship and the renewal stay with you, not with the platform vendor. If you are comparing PTaaS to running your own delivery, this page is the side-by-side.
Where the PTaaS model stops
PTaaS is a service-plus-platform bundle. That packaging makes some things easier (one contract, marketplace bench, managed deliverables) and makes other things structurally harder. The items below are not Cobalt-specific criticisms; they are properties of the marketplace PTaaS model when you compare it to running your own delivery on a platform you control.
Marketplace testers, not your testers
Cobalt sources testers from its global community. The skill, availability, and continuity from one engagement to the next are scoped by the marketplace, not by your firm. SecPortal is the platform you run with your own testers, so the bench, the methodology, and the relationship stay under your control.
Client relationship is mediated by the platform
In a PTaaS marketplace model, the buyer experience is anchored to the marketplace brand. SecPortal is white-labelled to your firm: the client portal, the report, and the subdomain carry your name, so the relationship and the renewal sit with you.
No built-in vulnerability scanning
PTaaS engagements rely on the testers you book to bring their own tooling. SecPortal includes 33+ scan modules in the platform: 16 external domain scanning modules, 17 authenticated web application testing modules, and SAST and SCA code scanning. You can use that scan output to inform manual testing or hand it to clients as continuous coverage between manual cycles.
No AI-powered report generation
Cobalt deliverables are produced by the testers and the platform team. SecPortal uses Claude to generate executive summaries, technical writeups, and remediation roadmaps from the live findings. The report is a snapshot of an active engagement record, not a frozen PDF you wait on.
No integrated invoicing for your clients
PTaaS billing flows through the marketplace. SecPortal includes Stripe Connect invoicing tied to engagements: you create the invoice against the engagement, the client pays through the same branded portal, and the funds settle to you.
Compliance framework coverage is narrower
SecPortal ships templates for 17 frameworks including OWASP, ISO 27001, SOC 2, PCI DSS, NIST CSF, NIST 800-53, FedRAMP, MITRE ATT&CK, DORA, NIS2, CIS Controls, Essential Eight, PTES, HIPAA, GDPR, Cyber Essentials, and Cyber Essentials Plus. Map findings to controls, generate framework-specific summaries, and retain assessor evidence in the same workspace.
Who each platform is the right fit for
Cobalt and SecPortal solve different problems for different buyers. The honest answer is that the right tool depends on whether you are buying a test or running one.
Cobalt fits buyers who want the test outsourced
If you are an internal security or engineering team that wants to book a pentest, get a report, and not run any of the platform yourself, Cobalt or any other PTaaS marketplace is a reasonable fit. You trade control of the bench and the deliverable for speed of procurement.
SecPortal fits firms and teams who deliver the test
If you are a penetration testing firm, an MSSP, a vCISO, or an in-house security team running tests against your own assets or your subsidiaries, SecPortal is the platform layer underneath that work. You bring the testers, SecPortal runs the engagement, the findings, the report, the portal, and the invoice.
SecPortal also fits buyers who want a real client portal back
If your firm books external testers but wants every finding, retest, and remediation conversation to live in a portal you own (rather than scattered across vendor PDFs and email), SecPortal is the workspace that holds that record across vendors and across years.
Clear pricing, no sales call
SecPortal pricing is published on the website and self-service from sign-up. There is no minimum contract, no per-tester floor, and no procurement cycle to clear before you can run a real engagement.
SecPortal Free
Free forever
1 user, 3 clients, 2 engagements per client, 3 AI credits, 6 core scan modules.
SecPortal Pro
From $149/month
All 33 scan modules, 100 clients, 25 AI credits/month, branded client portal, invoicing, compliance tracking.
SecPortal Team
From $299/month
Up to 5 users, 75 AI credits/month, team management, activity audit trail, MFA enforcement.
Why teams pick SecPortal over PTaaS
- Bring your own testers and your own methodology rather than depending on a marketplace bench
- Keep the client relationship under your firm name with a white-labelled portal on your subdomain
- Combine manual testing findings with built-in 33-module scanning for continuous coverage between cycles
- Generate AI-powered executive summaries, technical reports, and remediation roadmaps from live findings
- Pair every retest to the original finding so the closure record holds up under audit
- Map findings to OWASP, ISO 27001, SOC 2, PCI DSS, NIST 800-53, MITRE ATT&CK, DORA, NIS2, and 9 more frameworks
- Invoice clients directly from the engagement record through Stripe Connect, with self-service payment
- Start on the free plan and upgrade to Pro or Team without contract negotiation or sales calls
Related reading
If you are evaluating how to run a pentest delivery operation rather than buy a test, the pages below cover the workflows SecPortal supports day to day.
- Pentest project management for scoping, assignment, delivery, and invoicing.
- Continuous penetration testing for always-on programmes with scheduled scans and live findings.
- Remediation tracking from open finding to verified close inside the client portal.
- SecPortal for pentest firms for the audience-level overview.
- Branded client portal for the white-label delivery surface clients use.
- AI reports for executive summaries, technical writeups, and remediation roadmaps.
- SecPortal vs Pentera for the automated security validation comparison.
Run your own pentests on your own platform
Bring your testers. Keep your client relationships. Deliver through your own branded portal. Start free.