Bugcrowd Introduces Continuous Attack Surface Penetration Testing on its AI-Powered Crowdsourced Platform
Bugcrowd Platform brings complete and continuous attack surface visibility to accelerate compliance, risk reduction, and remediation, while providing new skills and rewards to hackers
SAN FRANCISCO, August 07, 2024 — Bugcrowd, the leader in crowdsourced security, today announced the availability of its Continuous Attack Surface Penetration Testing (CASPT) solution on the Bugcrowd Platform. This solution provides customers with a proactive security approach to continuously meet compliance goals and reduce their external risk asset exposure.
Continuous Attack Surface Penetration Testing (CASPT) is designed for customers with an evolving attack surface that only do pentesting once or twice a year, leaving “assets in motion” and at risk for new threat exposure, while being unprepared to address it immediately. With CASPT, users can run a baseline test and then share incremental changes about new and updated assets or threats with a curated team for testing as soon as changes are detected.
Fewer than 10% of organizations have full visibility into their evolving attack surface, yet nearly 70% have been compromised through an unknown or poorly managed asset – which suggests that adversaries know more about their attack surface than its defenders do. Organizations need to understand ongoing risk across all digital assets “in motion” before attackers can exploit them.
CASPT is enabled by Bugcrowd’s recent acquisition of Informer, a leading provider of external attack surface management (EASM) and continuous penetration testing. This integration combines detailed asset data acquired through EASM with the massive amount of vulnerability information Bugcrowd has processed in the past twelve years to create new and unique value for customers and hackers alike on the platform.
Bugcrowd customers with managed bug bounty engagements will gain the ability to manually or dynamically update scope to account for new and updated assets. They can also kick off a new pentest or bug bounty engagement for specific assets directly from their EASM dashboards.
“Our long-term vision for our platform is to continuously give customers proactive, data-driven insights and recommendations so that they have eyes on their attack surface better than their adversaries do,” said Dave Gerry, Chief Executive Officer of Bugcrowd. “At the same time, our goal is to help the brilliant hackers on our platform acquire more skills and earn more rewards by matching them with engagements that precisely reflect their interests and experience. Our ability to bring rich EASM data into the Bugcrowd platform is an important milestone in this journey and we’re excited for what’s to come.”
Bugcrowd offers a unified platform for EASM, EASM-enriched penetration testing, and EASM-enriched crowdsourced testing. Standalone EASM providers, crowdsourcing providers, and traditional pen-test providers provide pieces of the solution, but none provide a complete one.
“Attack surfaces are not static – they are constantly expanding and shifting due to shadow IT, cloud adoption, multinational organizations, and M&A, making the manual tracking of digital assets an ongoing challenge,” said Julian Brownlow Davies, Vice President of Advanced Services at Bugcrowd. “Continuous Attack Surface Pen Testing provides customers with a uniquely high level of assurance that both compliance and risk reduction goals are being met, continuously. Our mission is to be a trusted partner providing proactive, data-driven insights that will arm them with what they need to defend their organizations.”
To learn more about how Bugcrowd Continuous Attack Surface Penetration Testing and External Attack Surface Management solutions can accelerate compliance, risk reduction, and remediation while consolidating budget items into a single provider, click the link here.
Bugcrowd at Black Hat, August 7-8, 2024
- Visit us at Booth 1668 on the Expo floor for swag, demos, and conversation about the news.
- Request 1:1 time here with the leadership team for a deep dive into our announcement and the value of the Bugcrowd Platform.
- Attend our INTERSECCCT VIP Party, register here for an invitation.
- Access additional information on our CASPT and EASM solutions here.
- To learn more about what CISOs are prioritizing, download a free copy of our recently published Inside the Mind of a CISO report.
About Bugcrowd
We are Bugcrowd. Since 2012, we’ve been empowering organizations to take back control and stay ahead of threat actors by uniting the collective ingenuity and expertise of our customers and trusted alliance of elite hackers, with our patented data and AI-powered Security Knowledge Platform™. Our network of hackers brings diverse expertise to uncover hidden weaknesses, adapting swiftly to evolving threats, even against zero-day exploits. With unmatched scalability and adaptability, our data and AI-driven CrowdMatch™ technology in our platform finds the perfect talent for your unique fight. We are creating a new era of modern crowdsourced security that outpaces threat actors.
Unleash the ingenuity of the hacker community with Bugcrowd, visit www.bugcrowd.com. Read our blog.
“Bugcrowd”, “CrowdMatch”, “Informer” and “Security Knowledge Platform” are trademarks of Bugcrowd Inc. and its subsidiaries. All other trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.
*Enterprise Strategy Group (ESG)
Contact
Nathaniel Hawthorne
Lumina Communications for Bugcrowd
press@bugcrowd.com
bugcrowd@luminapr.com