Have you ever had a vendor claim to reduce attacks against your business? Unless they’re running some sort of protection racket, “reducing attacks” isn’t really possible. What they might mean is that they’ll help you avoid negative consequences from the…
Bugcrowd launched Next Gen Pen Test, the first product in our Pen Test portfolio, in November of 2018. Since then, “The Difference Between Bug Bounty and Next Gen Pen Test” has remained one of our most popular blogs. Maybe not…
The Vulnerability Rating Taxonomy (VRT) is a living project that is continually updated thanks to contributions from the broader security community to our open-sourced GitHub repository. Today, Bugcrowd is thrilled to announce the culmination of these most recent efforts, VRT…
Shelter-in-Place orders launched many organizations into fully-remote operating models, without precedence or a playbook for doing so both quickly and securely. In fact, according to a recent Bugcrowd survey, 74% of security leaders at organizations that weren’t already remote-first reported…
Note: This is part 5 of a 5-part series in which we examine a smarter approach to attack surface management. Catch up on last week’s post first. I love the term “attack surface management.” So much so that that’s what we…
Pen testing sure ain’t what it used to be. Or rather, what it was meant to be all along. Human-driven attack simulation was once considered the best way to approximate real risk for a given system. But the realities of…
Why do we perform security testing? Lots of reasons- like ensuring we take steps to protect data, avoid downtime, promote transparency, and the list goes on. But why pen test, in particular? If we assume, for the purposes of this…
Inside-out: How organizations typically defend their digital ecosystem. Outside-in: How attackers actually operate. In other words, while organizations work to secure priority assets, attackers are more focused on whatever fell off the radar. Unknown or un-prioritized assets become ticking time-bombs…
Note: This blog is a recap of our latest webinar, “5 Minutes to 50% More Attack Surface” You can access the full recording here. It’s 11pm. Do you know where your assets are? Do your attackers? In our latest webinar,…
Attack surface and motivated attackers are both increasing, and organizations are often left to decide whether more humans (when available), or more technology (when affordable) will alleviate their growing coverage crisis. This year, the theme of RSA is, “Human Element.”…
