Bugcrowd replaces traditional pen test for Instructure’s security audit

Security & Transparency for eLearning

Instructure, the provider of the leading cloud based Learning Management System (LMS), Canvas, from its inception has proactively published the results of its annual security survey to add full transparency to its security posture. Initially the survey was based on traditional penetration testing, but realizing this approach offered limited value and was not a comprehensive method to identify critical vulnerabilities, Instructure turned to Bugcrowd to provide a more leading-edge and thorough crowdsourced based assessment.

The Value of a Next Gen Pen Test

The private, managed Bugcrowd Next Gen Pen Test has delivered to Instructure the highest quality researcher talent pool available, carefully selected for their knowledge and specialized skills, all ready and able to test the Canvas application within the allotted multi-week testing window. Unlike customary penetration testing with its focus on predefined scenarios, the Bugcrowd approach employs the creativity, cleverness, and broad-based expertise and scope only a crowd of researchers can offer, with a magnitude of results to match. Bugcrowd manages all of the back-end logistics, including submissions, ratings, payment, methodology, and reporting. Additionally, Bugcrowd ensures vulnerabilities are properly validated and operationalized into the SDLC so the development team knows what vulnerabilities to fix and how to fix them.

Working with Bugcrowd

As an online education enablement organization, Instructure is slated with delivering instruction and training to thousands of students in groundbreaking ways, all while protecting curriculum content and individual learner information. Instructure desired to affirm its commitment to its user base with a meaningful, actionable way to uncover and repair security issues, all while validating a publicly proactive security stance.

Working together with Bugcrowd, Instructure was able to incorporate the Crowdcontrol bug tracking platform into an ongoing security program, using the most innovative and effective technology available. This moved them beyond checkbox boilerplate pen tests to the results delivered by a cadre of human researchers with vast experience, knowledge and purpose.

Year after year, Instructure has acknowledged the ROI the Bugcrowd solution provides and the collaborative effort in which they excel, and is investing in additional Bugcrowd programs to expand the footprint of their security program.

Program Learnings

Instructure has experienced ongoing success and has adopted Bugcrowd’s Next Gen Pen Test Program as an essential part of its annual security survey. The newly realized collaboration between the vulnerability detection group and the remediation process engineering team has expedited faster bug remediation.

Instructure and its learning management system Canvas have continued to lead in the tech-ed space, a vertical market where security concerns loom large. With Bugcrowd’s assistance, Instructure has been able to attract, engage and retain researchers who have a growing and ongoing understanding of the product and the intricacies of their customer’s needs. This association adds long-term brainpower, cumulative value and better results for Instructure and the ongoing security of its users.