Sold by: BugcrowdÂ
Deployed on AWS
Bugcrowd frees organizations with a low tolerance for risk from the limits of status quo cybersecurity, including chronic talent shortages, reliance on noisy tools that breed false positives, and hidden vulnerabilities. Our platform helps organizations continuously reduce risk, meet compliance goals, and build stronger resilience by activating the world's most skilled ethical hackers, pentesters, and AI/LLM experts as an elastic resource for proactive security and safety testing. By providing curated expertise as a service along with unique crowdsource insights about vulnerabilities and assets, Bugcrowd helps innovative security and engineering teams outpace threat actors.
Bugcrowd has 12+ years of experience and 100s of customers in every industry, including OpenAI, National Australia Bank, Indeed, USAA, Twilio, and the US Department of Homeland Security.
Overview
Our multi-solution platform delivers (in any combination):
Penetration Testing as a Service The Bugcrowd Platform's modern Pen Testing as a Service (PTaaS) suite delivers fast, high-impact results for both compliance and risk reduction. Launch pen tests against any target within days with a pentester team designed for your needs, view prioritized findings and progress 24/7 in a rich dashboard, and flow issues into your DevSec workflows for remediation. (Pricing for Standard Pen Tests is shown below; for customized testing, contact us about a Plus Pen Test.)
Managed Bug Bounty Bugcrowd's platform-powered Managed Bug Bounty brings the right security researchers (the Crowd) into your workflows at the right time to find hidden flaws in the attack surface. The Bugcrowd Platform augments the bug bounty value proposition with AI-driven tester sourcing, engineered triage, and data-driven insights derived from a decade of experience across 1000s of customer experiences. (Contact us for pricing.)
Managed VDPs A vulnerability disclosure program (VDP) sets the rules of engagement for the public to submit vulnerability reports about public-facing assets and then coordinates how they're handled internally. Running on the Bugcrowd Platform (and selected by CISA as the VDP solution of record for US Federal civilian agencies), our managed VDPs provide intake channels, validation and triage, researcher relations, integration with your SDLC, and reporting. (Pricing for Basic VDP plans is shown below; contact us if you need more scale.)
Pricing for Standard Pen Tests and Basic VDP plans are shown in Pricing Information below. For pricing of other products, questions, or private offers, please contact us at partners@bugcrowd.com .
Highlights
- AI-powered crowd activation: Our platform uses data and AI to source and activate the right hackers/pentesters for your needs across 100s of dimensions, augmenting your team to continuously discover hidden critical vulnerabilities before attackers can exploit them
- Engineered triage: The Bugcrowd Platform treats triage as a core competency, rapidly removing noise and adding context for prioritization -- handling critical vulnerabilities within a single day, even during global incidents
- Rich analytics, reports, and recommendations: We've collected millions of data points about vulnerabilities, assets, and hacker skill set over a decade of experience to develop a deep Security Knowledge Graph that drives analytics, insights, recommendations, and AI models for continuous improvement
Details
Unlock automation with AI agent solutions
Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
Features and programs
Trust Center
Access real-time vendor security and compliance information through their Trust Center powered by Drata. Review certifications and security standards before purchase.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
VDP Basic 15 | Managed vulnerability disclosure program covering first 15 submissions | $3,588.00 |
VDP Basic 75 | Managed vulnerability disclosure program covering first 75 submissions | $11,988.00 |
Standard Pen Test - Small | For 1 low-complexity webapp, 50 active IPs, or 45 API endpoints | $5,000.00 |
Standard Pen Test - Medium | For 1 medium-complexity webapp, 100 active IPs, or 75 API endpoints | $8,000.00 |
Standard Pen Test - Large | For 1 high-complexity webapp, 256 active IPs, or 150 API endpoints | $15,000.00 |
Standard Pen Test - Cloud Configuration | For 1 AWS, Azure, or Google Cloud Project | $5,000.00 |
Standard Pen Test - Mobile App (1 Platform) | For 1 application (Android or iOS) | $8,000.00 |
Standard Pen Test - Mobile App (2 Platforms) | For 1 application (Android and iOS) | $13,000.00 |
Vendor refund policy
All fees are non-cancellable and non-refundable except as required by law.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA)Â .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Support
Vendor support
Our support team operates 9AM-5PM PT, Monday-Friday. All requests for support should be sent through the Bugcrowd Support ticketing portal:
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
TurnKey Ushahidi helps save you time and money by providing a ready-to-run Ushahidi solution that is secure, supported and easy to maintain. The system auto-updates itself with security fixes and is built in a transparent 100% open source process free of hidden backdoors.
Data labeling service by ScaleHub AG - Numeric snippet labeling
HackerOne is a global leader in offensive security solutions. Our HackerOne Platform combines AI with the ingenuity of the largest community of security researchers to find and fix security, privacy, and AI vulnerabilities across the software development lifecycle. The platform offers bug bounty, vulnerability disclosure, pentesting, AI red teaming, and code security. We are trusted by industry leaders like Amazon, Anthropic, Crypto.com, General Motors, GitHub, Goldman Sachs, Uber, and the U.S. Department of Defense. HackerOne was named a Best Workplace for Innovators by Fast Company in 2023 and a Most Loved Workplace for Young Professionals in 2024.
Customer reviews
0 ratings
0 AWS reviews
|
54 external reviews
Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
Naman M.
Enhances Security Testing and Rewards Engagement
Reviewed on Nov 20, 2025
Review provided by G2
What do you like best about the product?
I use Bugcrowd mainly because it provides an excellent platform for finding and reporting security vulnerabilities, which significantly enhances my skills as an ethical hacker while ensuring the legality of my actions. I enjoy being part of a vibrant community that allows me to connect with other ethical hackers, learn new techniques, and receive constructive feedback on my work. The platform's communication handling between researchers and companies is impressive, maintaining an organized environment with clear submission timelines and reliable payouts. I appreciate the transparency in rules and scopes for each program, so I am always aware of what I can test. The platform makes the entire process convenient, from submitting bugs to tracking rewards, allowing me to focus on hacking and skill development. I also love the variety of available programs covering web apps, APIs, mobile apps, and IoT devices, which keeps the work interesting. The additional motivation from rewards encourages me to dig deeper, while the sense of community and the feedback I receive help me refine my skills. Finally, the initial setup process was super easy, seamlessly fitting into my existing workflow with other security testing tools.
What do you dislike about the product?
I find the response time from some companies for triaging and reporting can be slow, especially in private programs. It often leaves me feeling in the dark while waiting for updates. Additionally, while Bugcrowd offers variety, not all programs are equally rewarding, and the payout rates can vary significantly. I have also encountered cases where bugs are marked as duplicates despite differences in details, leading to a need for more transparency and consistency.
What problems is the product solving and how is that benefiting you?
I use Bugcrowd to find and report security vulnerabilities, providing a platform for legal, ethical hacking with a rewarding system. It enhances my skills through feedback and collaboration, with diverse programs and clear guidelines, making the bug hunting process smoother and more professional.
Adinaresh C.
BugCrowd makes vulnerabilities management easy
Reviewed on Nov 19, 2025
Review provided by G2
What do you like best about the product?
I appreciate Bugcrowd because it provides a reliable platform for conducting security testing without requiring an in-house team of hackers. I value Bugcrowd's strong security testing community, which facilitates thorough examination of applications to uncover bugs and vulnerabilities before they become significant issues. The platform's ease of management is another aspect I find appealing. It makes communication smooth between researchers and my team, as Bugcrowd handles reports, triage, and payouts without causing any confusion. I also enjoy that the initial setup was straightforward and did not consume much of my time.
What do you dislike about the product?
NA
What problems is the product solving and how is that benefiting you?
I use Bugcrowd to test application security, find vulnerabilities early, and manage communications with researchers efficiently without an in-house team.
Abhijeet S.
Valuable Security Research Platform with Room for Improvement
Reviewed on Nov 18, 2025
Review provided by G2
What do you like best about the product?
I find Bugcrowd exceptionally helpful as it provides well-structured and legitimate security research opportunities, connecting me with programs that truly value detailed vulnerability reports. This platform offers clear program instructions, scope, and bounty structures which eliminate guesswork and allow me to focus on discovering real, in-scope vulnerabilities. The explicit bounty structures enable me to prioritize findings based on their impact, saving me time and enhancing my efficiency. Transitioning to Bugcrowd was easy and quick, simplifying the setup process and getting me started almost immediately. This streamlined setup and organized approach make Bugcrowd a highly efficient platform for my work. Additionally, compared to our previous platform, HackerOne, Bugcrowd is more cost-effective, offering substantial financial benefits.
What do you dislike about the product?
Sometimes, I find the triaging process to be slow and inconsistent across different programs. A faster, more uniform triage process would enhance the experience significantly. Additionally, I encountered a terrible experience in my last report submission where I needed to reach out to Bugcrowd's support team for mediation.
What problems is the product solving and how is that benefiting you?
Bugcrowd provides well-structured, legitimate security research opportunities and clear program instructions. It connects me with valued programs, reduces guesswork, and streamlines efforts with detailed bounty structures to prioritize findings, enhancing my efficiency.
Financial Services
Working with Bugcrowd since 2016
Reviewed on Aug 14, 2025
Review provided by G2
What do you like best about the product?
I’ve been on Bugcrowd since 2016, and it’s the only platform I actively hunt on. I’ve tried other platforms over the years, but Bugcrowd still feels the best in terms of usability, transparency, and fairness. The dashboard is simple to navigate, programs are clearly explained, and the triage team has always been professional and helpful. I also like how transparent they are with communication and how easy it is to keep track of submissions and payouts. It just feels like they’ve built it with both researchers and customers in mind.
What do you dislike about the product?
Overall, my experience has been very positive, but sometimes the triage process can take longer than I’d like, especially during busy program periods. Also, there are moments when I wish there was a more direct way to talk to program owners for quick clarifications. Reward processing has been smooth most of the time, but on rare occasions it can be delayed. None of these are dealbreakers, though — just areas where I think Bugcrowd could make an already great platform even better.
What problems is the product solving and how is that benefiting you?
Bugcrowd connects me with a wide range of real-world security programs from companies I’d never have direct access to otherwise. They take care of the legal, payment, and coordination side of things, so I can focus on hunting and improving my skills. The triage team filters reports and handles communication with program owners, which saves me time and avoids misunderstandings. Over the years, this has helped me grow as a researcher, stay motivated, and earn a steady stream of rewards while working on challenging and interesting targets.
Ankit S.
Review from 9 years of hunting on Bugcrowd
Reviewed on Aug 11, 2025
Review provided by G2
What do you like best about the product?
I've been hunting on Bugcrowd since a long time. And through all these years, the one quality I observed in the overall proceedings of Bugcrowd is about the sense of cooperation and supportive attitude that their team possess towards the crowd. Now whether it's about a support ticket or triage processes. "Cooperation" from the platform was one of the major reasons that even as a full time bug hunter, I invest a major part of my time bug hunting for the programs available on the "Bugcrowd".
What do you dislike about the product?
I dislike it when, even for a simple reported bug, the triage team places multiple blockers on researchers without fully reading the report or attempting the provided steps.
What problems is the product solving and how is that benefiting you?
Bugcrowd owns the expertise of a crowd which constitutes hundreds of thousands of skilled ethical hackers and cyber security researchers from all across the globe. This massive crowd is capable of uncovering the most unanticipated and never before seen security flaws (or bugs) in organizations critical assets which would otherwise never be possible to determine using the traditional pentests.