By Justin Kestelyn, Apr 27, 2022
Fight the Fear of Shadow and Zombie APIs: One of Gartner’s 2022 security predictions is focused on the adoption and growth of APIs, which will require improvements in management and security. There were some interesting planning assumptions in this research note about the challenges organizations will increasingly face in…

By Justin Kestelyn, Mar 24, 2022
Defining Cybersecurity Team Colors (and How Bugcrowd Fits In): Originally invented for wargaming, the “oppositional teams” concept was widely adopted by the cybersecurity industry decades ago. Today, Blue Teams and Red Teams are standard concepts in security simulations and testing, especially in large companies, and more recently we’ve seen the…

By Nick Mckenzie, Dec 16, 2021
Living with and Learning from Log4Shell: This is not a post on what Log4j is, or what controls you need to put in place. There are too many articles about that already. If that's what you’re looking for, please read this great post from our Founder,…

By Santerra Holler, Nov 17, 2021
Todayisnew and Hx01 on Collaboration: Unless you’ve been living under a rock, Bugcrowd expanded our Collaboration feature this year. To complement this extraordinarily convenient feature we also announced our first-ever #TeamHunt2021 challenge! 15 teams, 5 weeks, one grand prize! Before the competition, we caught up…

By Michael Hamel, Oct 1, 2021
HEROES WANTED! Hack the Homeland for Challenge Coins: Want to be a hero and collect some sweet challenge coins? Bugcrowd is proud to partner with the Cybersecurity and Infrastructure Security Agency (CISA). Through this partnership, we’re able to provide our community of researchers the opportunity to report vulnerabilities…

By Santerra Holler, Sep 27, 2021
Bugcrowd Platform Behavior Standards: REMEMBER THE HUMAN. Over the years we’ve earned the trust of security researchers and customers through our tireless commitment to values as simple as respect, honesty, accountability, and embracing the hacker mindset. These straightforward company standards define not only our…

By Erica Azad, Aug 6, 2021
The Trouble with Traditional Penetration Testing: When it comes to pen testing, organizations require access to the skills they need when they need them. Large consultancy groups often leverage a “one-size-fits-all” approach to pen testing. Although the resumes these groups highlight may seem impressive, it’s rare…

By Adam Foster, Jul 23, 2021
PrintNightmare: What You Need to Know: PrintNightmare or PrinterNightmare is an interesting vulnerability currently impacting Microsoft systems. This vulnerability can be executed on remotely accessible systems and has a lot of potential for abuse by ransomware operators. Here are the basics: PrinterNightmare - CVE-2021-34527 CVE ID:…

By Michael Skelton, Jul 21, 2021
The Shocking Truth You May Not Know About Being A Full-Time Bug Hunter: For a lot of people, bug bounties present a way to escape the rat race. A way to exchange the handcuffs of employment for the freedom of autonomous control of one's day, and one's financial future. As appealing as that…

By Casey Ellis, Jul 7, 2021
The Kaseya/REvil Attack Explained: Why it Matters and How to Protect Yourself. What Happened? At around 1400 EDT on July 2, attackers appear to have used a 0-day authentication bypass vulnerability in Internet-exposed instances of the Kaseya Virtual System Administrator (VSA) server software, a…