Previously, we’ve written about how the Bugcrowd Security Knowledge Platform has transformed pen tests by bringing specialized human skills sets to them on demand, freeing buyers from having to settle for low-impact vuln assessments in disguise. We’ve also talked about how our platform makes Pen Testing as a Service (PTaaS) real by offering an interactive, data-driven experience that looks and feels like SaaS, instead of a clumsy consulting project that is slow and painful for everyone involved.
Now, we’re taking our PTaaS vision one step further: Starting immediately, you can buy, configure, launch, and see real-time results from a human-driven Bugcrowd Standard Pen Test–with a pentester team matched to your precise needs–via a few clicks. No more sales calls, scoping calls, and other backs-and-forths that delay your pen test launch. Instead, thanks to new capabilities in our platform, you’ll cut setup time from days to hours, start seeing prioritized findings in a rich Pen Test Dashboard fast, and get a final report within days of test completion. That’s how pen testing should work!
To give you a flavor of how easy this is, we’ve captured a couple steps in the brief demo below:
The Need for Standards
Why have we taken up this mission? Because everyone in the industry knows that the penetration testing experience for buyers and pentesters alike needs an upgrade. Traditional penetration testing has roots in consulting, so buying, scoping, sourcing pentesters, and report delivery depend on numerous manual, ad hoc interactions that delay what everyone wants: results. Too often, other PTaaS providers rely on automated, low-impact testing to streamline this process, while leaving the procurement and setup process largely manual–giving buyers the worst of both worlds.
Instead, we believe the solution to this problem is to standardize how human-driven, high-impact pen testing is delivered for common asset types, just like the construction industry adopted standards to make it faster and easier to build things at scale. That standardization is what makes it possible for us to orchestrate the setup process in software, for customers to buy Bugcrowd Standard pen tests in three sizes for external web apps or networks (with access to exactly the right pentester skills), and to easily organize and manage multiple pen tests in groups. Our platform’s unique ability to crowd-source the right pentesters for the job (CrowdMatchTM) based on data, and rotate them on demand, is special value in the bargain.
So what does this development mean for the pen testing industry? The way we see it, the choices are clearer than ever:
With this announcement, we’ve transformed the pen test experience from procurement through report delivery, but we won’t stop there. In the future, we’ll expand the types of pen tests that can be purchased and set up online and make it even easier to clone, organize, and manage pen tests and other programs on our platform.
In the meantime, buy and set up a Bugcrowd Standard Pen Test that’s “just right” for your external web app or network with just a few clicks! And if you’re attending RSA Conference in San Francisco next week (April 24-27), visit us at Booth #2438 or schedule a 1:1 to learn more. Read more about our Pen Testing as a Service announcement here.