Bugcrowd is fueled by the collective creativity of whitehat hackers. For continued program and researcher success, we, in turn, must fuel that community. This week we’ve launched five new modules for Bugcrowd’s online learning program, added enhancements to our program matching capability, and introduced brand new collaboration functionality to help security researchers achieve the next level of success on our platform, and beyond.
The security skills gap continues to expand, heightening the need to make education more accessible for all. Bugcrowd University is a step in that direction. We offer free, un-gated access to a library of hacking tutorials co-curated by our Crowd and security experts to help other hackers hone their skills.
This week, we’re excited to launch five new modules:
- Burp Suite Advanced Module
- Server Side Request Forgery (SSRF)
- XML External Entity Injection
- GitHub Recon and Sensitive Data Exposure
- Recon & Discovery
Starting Thursday, the new content for Bugcrowd University can be accessed at Bugcrowd.com/university, alongside a wealth of additional learning resources for security researchers.
Skills Matching and Certification Verification
Bugcrowd’s latest enhancements to our CrowdMatch technology enable researchers to upload relevant training certifications, which are then verified by Bugcrowd and used to match researchers to programs in need of those skills. While not necessary for program participation, this transfer of credibility means new researchers can qualify for programs faster than otherwise possible through Bugcrowd’s extensive skills assessment process alone.
#ItTakesACrowd. Bugcrowd’s favorite saying is more than just a hashtag. It reflects our belief in the power of community — specifically, our hacker community. And it’s not just customers that see strength in numbers. Some vulnerabilities can be incredibly complex and far-reaching, requiring a range of skills to surface. Through collaboration, security researchers are able to more rapidly identify insidious vulnerabilities and report them in their entirety. To encourage and facilitate this activity, Bugcrowd launched Researcher Collaboration. Available on all public programs and Bug Bashes, this new feature enables researchers to collaborate, jointly submit, and share rewards for vulnerabilities they find together.
Amazingly, almost half of all submissions at our recent Atlassian Bug Bash (which resulted in over $225,000 paid out!) were the result of a formal collaboration amongst participants, including the submission that earned “Top Bug.” Researchers with complementary skills teamed up, strategized their approach, and attacked targets together. This isn’t exclusive to live Bug Bashes, though. Many of our best vulnerabilities are found by researchers working together remotely — proving that two heads are better than one, even when separated by thousands of miles.
Bugcrowd is on a mission to change the way organizations think of security at scale, and we’re doubling down on our investment in Crowd development and enablement to get us there.
If you’re interested in learning more about these updates or working with Bugcrowd, set up a chat with a crowdsourced security expert today.