Crowdsourced Penetration Testing

Crowdsourced penetration testing is a form of penetration testing that varies from the standard pen test by involving a group of invited participants, otherwise known as ethical security hackers or “white hats.” These researchers are engaged on an incentivized basis, usually paid through “bug bounties” on a sliding scale with larger amounts paid for uncovering issues of greater severity. This model differs from the legacy model of hired consultants contracted through accounting firms or IT consultancies. As such, crowdsourced penetration programs tend to involve a longer, more thorough process than the typical pentester company as several different researchers engage in the testing process in a more open-ended and consistent manner. Where the typical pentest often has the issues of only capturing the most obvious vulnerabilities and failing to account for how rapid updates tend to alter an application in ways that can make their initial tests inaccurate, crowdsourced penetration testing allows for a more in-depth and even user-centric focus. By following along with the application with consistent checks and tests, crowdsourced pentesters catch things that the standard tester can miss and are able to adapt to changes as they occur, instead of only getting a snapshot of how security may look in a specific moment.

Want to learn more? Check out our FREE Bugcrowd University to sharpen your hacking skills.

Organizations the world over need your help! Join our researcher community to connect with hundreds of organization programs focused on finding their security vulnerabilities. Our vast directory includes programs for all skill levels, across many industries and from around the world.