Request a Demo Contact Us

Bugcrowd replaces traditional pen test for Instructure’s security audit

Instructure, from its inception, has proactively published the results of its annual security survey to add full transparency to its security posture.

Products

Next Gen Pen Test

Industry

Education

  • Challenge

    Instructure’s traditional penetration testing approach offered limited value and was not a comprehensive method to identifying critical vulnerabilities.

  • Outcome

    Instructure has seen 5X growth in vulnerability findings over traditional security testing. The team is investing in additional Bugcrowd programs to expand the footprint of their security program.

Security & Transparency for eLearning

Instructure, the provider of the leading cloud based Learning Management System (LMS), Canvas, from its inception has proactively published the results of its annual security survey to add full transparency to its security posture. Initially the survey was based on traditional penetration testing, but realizing this approach offered limited value and was not a comprehensive method to identify critical vulnerabilities, Instructure turned to Bugcrowd to provide a more leading-edge and thorough crowdsourced based assessment.

The Value of a Next Gen Pen Test


The private, managed Bugcrowd Next Gen Pen Test has delivered to Instructure the highest quality researcher talent pool available, carefully selected for their knowledge and specialized skills, all ready and able to test the Canvas application within the allotted multi-week testing window. Unlike customary penetration testing with its focus on predefined scenarios, the Bugcrowd approach employs the creativity, cleverness, and broad-based expertise and scope only a crowd of researchers can offer, with a magnitude of results to match. Bugcrowd manages all of the back-end logistics, including submissions, ratings, payment, methodology, and reporting. Additionally, Bugcrowd ensures vulnerabilities are properly validated and operationalized into the SDLC so the development team knows what vulnerabilities to fix and how to fix them.

The cybersecurity landscape is an ever evolving one, so we knew we had to do something different, something innovative with this year’s audit, and that is what Bugcrowd offered us. We’ve continued with the Bugcrowd program because it consistently delivers quantifiable results and practical reports, tools that we then can use to internally remediate issues before they become customer problems. We now know what to tackle first.

Wade Billings, VP, Technology Services

Working with Bugcrowd

As an online education enablement organization, Instructure is slated with delivering instruction and training to thousands of students in groundbreaking ways, all while protecting curriculum content and individual learner information. Instructure desired to affirm its commitment to its user base with a meaningful, actionable way to uncover and repair security issues, all while validating a publicly proactive security stance.

Working together with Bugcrowd, Instructure was able to incorporate the Crowdcontrol bug tracking platform into an ongoing security program, using the most innovative and effective technology available. This moved them beyond checkbox boilerplate pen tests to the results delivered by a cadre of human researchers with vast experience, knowledge and purpose.

Year after year, Instructure has acknowledged the ROI the Bugcrowd solution provides and the collaborative effort in which they excel, and is investing in additional Bugcrowd programs to expand the footprint of their security program.

Program Learnings

Instructure has experienced ongoing success and has adopted Bugcrowd’s Next Gen Pen Test Program as an essential part of its annual security survey. The newly realized collaboration between the vulnerability detection group and the remediation process engineering team has expedited faster bug remediation.

Instructure and its learning management system Canvas have continued to lead in the tech-ed space, a vertical market where security concerns loom large. With Bugcrowd’s assistance, Instructure has been able to attract, engage and retain researchers who have a growing and ongoing understanding of the product and the intricacies of their customer’s needs. This association adds long-term brainpower, cumulative value and better results for Instructure and the ongoing security of its users.

Subscribe for updates

Get Started with Bugcrowd

Hackers aren’t waiting, so why should you? See how Bugcrowd can quickly improve your security posture.