Learn how SEEK Limited Protects its Leading Employment Marketplace

SEEK is Australia’s number one employment marketplace, bringing together a strong portfolio of online employment, educational, commercial and volunteer businesses.

With an expanding attack surface and highly motivated adversaries, SEEK recognized it needed to create a consolidated channel for vulnerability reporting and improve internal and external security testing practices.

To achieve this, SEEK tapped Bugcrowd’s platform and community of white hat hackers, launching its crowdsourced security program in 2016.

Challenge:

  • Over the years, the team had incorporated varying technology stacks and “backend” systems for managing different parts of the business.
  • Combine that with the highly sensitive user data shared on SEEK, and you have your hands full.

Solution with Bugcrowd:

  • SEEK started working with Bugcrowd in June 2016. To get the business comfortable with running a bug bounty against the production systems, SEEK started with a small, limited scope.
  • After running a wider-scope private program for a few years, SEEK took the program public in 2019.

Program Results

  • Bugcrowd has enabled SEEK to identify “patterns” of vulnerabilities that no one else had identified. Identifying these patterns has allowed SEEK to establish secure defaults.
  • SEEK’s crowdsourced security testing coverage is wider than its other testing processes, so it was able to get valuable findings from the older, less top-of-mind systems.
  • SEEK also increased awareness of its security maturity among its users.

“Unlike a scheduled penetration test, time is not a factor. And given the number of researchers on the Bugcrowd platform, this means eventually the majority of customer-facing applications end up being discovered and further tested. This allows us to ‘even up’ the playing field between security testers and the technology teams.”
Zac Sims, Security Engineer

Program Facts

  • Industry: Employment Marketplace
  • Use Case: Better security for employment markets
  • Program Type: Private to Public Managed Bug Bounty

Empower your security team with a Crowd of white hat hackers to find vulnerabilities in your code before the bad guys do.