The results you want, the deliverables you need, managed by the team you know and trust. This is the next generation of penetration testing.

Supercharge your Pen Testing with the power of the Crowd, managed by Bugcrowd

Critical Vulnerabilities

Find 7x more critical issues than traditional pen testing methods and security solutions.

Continuous Coverage

Run programs continuously, consistent with rapid code release.

Lower Operational Overhead

Seamlessly integrates into your existing SDL to shift left faster.

Next Gen Pen Test’s continuous assessments are performed by top tier Pen Testers and researchers selected specifically for your program. The results are dramatic improvements to the quality of vulnerabilities surfaced, as well as the way in which they are operationalized. Take a look at how Next Gen Pen Test features and values stack up against traditional pen testing.

| Area | Feature | Traditional Pen Testing | Bugcrowd Next Gen Pen Test |
|---|---|---|---|
| Meets Compliance Requirements | Provider helps you meet HIPAA, NIST, and other compliance initiatives | Yes | Yes |
| | Offering is QSAC PCI Certified | Sometimes | Yes |
| | Provider Certified in ISO27001, SOC2 Type 1 & 2 | N/A | Yes |
| Resource | Experience | Pen Testers | Pen Testers + Hackers with a variety of skills |
| | Number | 2 – 3 | Flexible number of Pen Testers and Hackers depending on your needs and preferences |
| | Skill | Depth or Breadth | Depth AND Breadth |
| | Selection | First Available | CrowdMatch™ for the right experience & skills |
| Test | Timing | Scheduling Delays | Right Resources Right Now |
| | Methodology | Rigid | Flexible |
| | Coverage Analysis | None | Verified with TrafficControl™ + activity logs |
| | Interaction | Limited | ResearcherDirect™ |
| | Duration | One 2-3 week engagement | On-Demand or Continuous |
| Results | Reporting | 1 Report | QSAC certified Report Format + Exec Summary + Continuous Insights available in platform |
| | Quality of Results | Low severity | Critical, Unusual |
| | Triage | Manual | Automated Security Workflows for faster triage and a 95% Signal to Noise ratio |
| | Delivery | All vulnerabilities submitted at the end | Rolling vulnerability submission + triage to promote rolling remediation |
| | Rating | Subjective | VRT and CVSS Rating for objective determinations |
| SDLC Integration | Integrations | No | JIRA, Slack, ServiceNow, GitHub |
| Education | Remediation Advice | No | All vulnerabilities tagged with remediation advice to help development teams fix faster |
| | Pen Tester Communication | Sometimes | ResearcherDirect™ |
| Lifecycle Support | Re-Testing | Sometimes | Yes, plus updated reports optional |
| | Automated Program Health Assessments | No | Automated PHAs help our team ensure value today and every day |
| | Dedicated Program Manager | Light-touch interaction | Hands-on throughout entire engagement |

NGPT vs Traditional Pen Testing

1. Leverage the Crowd
Bugcrowd’s CrowdMatch™ connects the right resources to every program, ensuring you get the expertise you need, today.

2. BugHunter Methodology
Bugcrowd’s Bughunter Methodology™ pairs industry best practices with client-specified reporting methodologies like PCI, HIPAA, etc.

3. Continuous Coverage
Bugcrowd’s continuous coverage manages the ever-evolving risk of continually updated targets. Coverage Analysis shows what and how vulnerabilities were discovered.

4. Validate and Remediate
Bugcrowd’s Vulnerability Rating Taxonomy (VRT), dedicated triage team, and JIRA integration help reduce validation overhead while improving remediation workflow in the SDL/SDLC.

Bugcrowd’s Next Gen Pen Test Feature Table
Features
Definitions

Methodology Driven Reports

Bugcrowd’s BugHunter™ Methodology blends OWASP Top 10 (PCI, NIST, HITRUST, etc.) with industry best practices for optimal coverage and vulnerability identification.

Top Pen Testers and Researchers

Bugcrowd’s crowd of top talent consists of thousands of Pen Testers and elite Researchers with a variety of skills across web, network, API, mobile device, IoT, reverse engineering, and more. Bugcrowd also delivers strict ID and/or background checks if required for any engagement.

Continuous Vulnerability Assessment

Unlike time-boxed assessments, NGPT programs run 24/7/365 to reflect agile software development cycles. Rather than being paid for time only, Pen Testers and Researchers are motivated to find critical vulnerabilities by being rewarded for results as well as effort.

Named Customer Success Manager

Bugcrowd assigns a known person to help guide you through every program, including routine check-ins and QBRs as required.

Jira Integration

Improves the Security Development Lifecycle by streamlining interaction with the Dev Team and their Software Development Lifecycle.

Vulnerability Rating Taxonomy (VRT™)

Bugcrowd reduces overhead for customers by leveraging years of collated learning on the severity and impact of vulnerabilities, in order to better validate and prioritize submissions.

Managed Social Model

Managed social to ensure no accidental disclosures of vulnerabilities. We work with you & the Pen Testers and Researchers to promote responsible disclosures.

Target Management

Manage multiple different programs simultaneously with platform telemetry reporting for each target.

Triage SLA

SLAs ranging from less than 8 hours to less than 48 hours, depending on severity.

Remediation Advice

Expert advice mapped to the VRT rankings assigned to every submission.

Fair Liability Terms

Bugcrowd backs the work of its support team, without need for customers to contract separately with the Researchers and Pen Testers themselves.

Retesting

Bugcrowd includes retesting of specified targets for all engagements, free of charge.

Test Internal Targets

Bugcrowd enables testing of non-internet-facing targets with the help of proxy control.

Coverage Analysis

Bugcrowd ensures comprehensive coverage of all targets by analyzing the logs of Researchers and Pen Testers to ensure adherence to methodologies, as well as to provide insight into how vulnerabilities were found.

Direct Researcher Collaboration

Bugcrowd provides embedded chat room functionality directly within our platform for secure collaboration between researchers and customers.
