Listing Thumbnail

    Crowdsourced Security Platform for Pen Testing, Bug Bounty, and More

     Info
    Sold by: Bugcrowd 
    Deployed on AWS
    Bugcrowd frees organizations with a low tolerance for risk from the limits of status quo cybersecurity, including chronic talent shortages, reliance on noisy tools that breed false positives, and hidden vulnerabilities. Our platform helps organizations continuously reduce risk, meet compliance goals, and build stronger resilience by activating the world's most skilled ethical hackers, pentesters, and AI/LLM experts as an elastic resource for proactive security and safety testing. By providing curated expertise as a service along with unique crowdsource insights about vulnerabilities and assets, Bugcrowd helps innovative security and engineering teams outpace threat actors. Bugcrowd has 12+ years of experience and 100s of customers in every industry, including OpenAI, National Australia Bank, Indeed, USAA, Twilio, and the US Department of Homeland Security.

    Overview

    Our multi-solution platform delivers (in any combination):

    Penetration Testing as a Service The Bugcrowd Platform's modern Pen Testing as a Service (PTaaS) suite delivers fast, high-impact results for both compliance and risk reduction. Launch pen tests against any target within days with a pentester team designed for your needs, view prioritized findings and progress 24/7 in a rich dashboard, and flow issues into your DevSec workflows for remediation. (Pricing for Standard Pen Tests is shown below; for customized testing, contact us about a Plus Pen Test.)

    Managed Bug Bounty Bugcrowd's platform-powered Managed Bug Bounty brings the right security researchers (the Crowd) into your workflows at the right time to find hidden flaws in the attack surface. The Bugcrowd Platform augments the bug bounty value proposition with AI-driven tester sourcing, engineered triage, and data-driven insights derived from a decade of experience across 1000s of customer experiences. (Contact us for pricing.)

    Managed VDPs A vulnerability disclosure program (VDP) sets the rules of engagement for the public to submit vulnerability reports about public-facing assets and then coordinates how they're handled internally. Running on the Bugcrowd Platform (and selected by CISA as the VDP solution of record for US Federal civilian agencies), our managed VDPs provide intake channels, validation and triage, researcher relations, integration with your SDLC, and reporting. (Pricing for Basic VDP plans is shown below; contact us if you need more scale.)

    Pricing for Standard Pen Tests and Basic VDP plans are shown in Pricing Information below. For pricing of other products, questions, or private offers, please contact us at partners@bugcrowd.com .

    Highlights

    • AI-powered crowd activation: Our platform uses data and AI to source and activate the right hackers/pentesters for your needs across 100s of dimensions, augmenting your team to continuously discover hidden critical vulnerabilities before attackers can exploit them
    • Engineered triage: The Bugcrowd Platform treats triage as a core competency, rapidly removing noise and adding context for prioritization -- handling critical vulnerabilities within a single day, even during global incidents
    • Rich analytics, reports, and recommendations: We've collected millions of data points about vulnerabilities, assets, and hacker skill set over a decade of experience to develop a deep Security Knowledge Graph that drives analytics, insights, recommendations, and AI models for continuous improvement

    Details

    Delivery method

    Deployed on AWS

    Unlock automation with AI agent solutions

    Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
    AI Agents

    Features and programs

    Trust Center

    Trust Center
    Access real-time vendor security and compliance information through their Trust Center powered by Drata. Review certifications and security standards before purchase.

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
    Financing for AWS Marketplace purchases

    Pricing

    Crowdsourced Security Platform for Pen Testing, Bug Bounty, and More

     Info
    Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator  to estimate your infrastructure costs.

    12-month contract (8)

     Info
    Dimension
    Description
    Cost/12 months
    VDP Basic 15
    Managed vulnerability disclosure program covering first 15 submissions
    $3,588.00
    VDP Basic 75
    Managed vulnerability disclosure program covering first 75 submissions
    $11,988.00
    Standard Pen Test - Small
    For 1 low-complexity webapp, 50 active IPs, or 45 API endpoints
    $5,000.00
    Standard Pen Test - Medium
    For 1 medium-complexity webapp, 100 active IPs, or 75 API endpoints
    $8,000.00
    Standard Pen Test - Large
    For 1 high-complexity webapp, 256 active IPs, or 150 API endpoints
    $15,000.00
    Standard Pen Test - Cloud Configuration
    For 1 AWS, Azure, or Google Cloud Project
    $5,000.00
    Standard Pen Test - Mobile App (1 Platform)
    For 1 application (Android or iOS)
    $8,000.00
    Standard Pen Test - Mobile App (2 Platforms)
    For 1 application (Android and iOS)
    $13,000.00

    Vendor refund policy

    All fees are non-cancellable and non-refundable except as required by law.

    Custom pricing options

    Request a private offer to receive a custom quote.

    How can we make this page better?

    We'd like to hear your feedback and ideas on how to improve this page.
    We'd like to hear your feedback and ideas on how to improve this page.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

     Info

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    Vendor support

    Our support team operates 9AM-5PM PT, Monday-Friday. All requests for support should be sent through the Bugcrowd Support ticketing portal:

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Similar products

    Customer reviews

    Ratings and reviews

     Info
    0 ratings
    5 star
    4 star
    3 star
    2 star
    1 star
    0%
    0%
    0%
    0%
    0%
    0 AWS reviews
    |
    50 external reviews
    Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
    Ankit S.

    Review from 9 years of hunting on Bugcrowd

    Reviewed on Aug 11, 2025
    Review provided by G2
    What do you like best about the product?
    I've been hunting on Bugcrowd since a long time. And through all these years, the one quality I observed in the overall proceedings of Bugcrowd is about the sense of cooperation and supportive attitude that their team possess towards the crowd. Now whether it's about a support ticket or triage processes. "Cooperation" from the platform was one of the major reasons that even as a full time bug hunter, I invest a major part of my time bug hunting for the programs available on the "Bugcrowd".
    What do you dislike about the product?
    I dislike it when, even for a simple reported bug, the triage team places multiple blockers on researchers without fully reading the report or attempting the provided steps.
    What problems is the product solving and how is that benefiting you?
    Bugcrowd owns the expertise of a crowd which constitutes hundreds of thousands of skilled ethical hackers and cyber security researchers from all across the globe. This massive crowd is capable of uncovering the most unanticipated and never before seen security flaws (or bugs) in organizations critical assets which would otherwise never be possible to determine using the traditional pentests.
    Computer & Network Security

    The Most Trustworthy and Rewarding Bug Bounty Platform for me Since 2016

    Reviewed on Aug 01, 2025
    Review provided by G2
    What do you like best about the product?
    Bugcrowd has been the backbone of my professional journey in cybersecurity since 2016. What I appreciate most is the platform’s consistency, transparency, and strong ethical foundation. It provides a wide range of programs—from public to private—with clear scopes and structured communication. The triage team is responsive, and the support staff is genuinely helpful. Bugcrowd also stands out because it values and respects researchers—not just with monetary rewards but through recognition, community engagement, and long-term relationships. It’s more than just a platform; it’s a community I’m proud to be a part of.
    it has the most easy and understandable UI interface, so that user uses it so frequently that never goes out of the goal.
    your integration with support system on freshdesk is tremendous and now it is easy to track support tickets.
    What do you dislike about the product?
    There are occasional delays in report responses and bounty payments, especially when waiting on program owners. While this is understandable, it can sometimes be frustrating—particularly for time-sensitive research. I’d also love to see more transparency around program activity (e.g., how actively they're reviewing reports) to help researchers better allocate their time.
    What problems is the product solving and how is that benefiting you?
    Bugcrowd bridges the gap between ethical hackers and organizations by providing a secure, structured, and legal way to disclose vulnerabilities. It eliminates the uncertainty that often comes with independent disclosure, giving researchers like me confidence that our findings will be respected and rewarded. For me personally, it has provided a stable source of income, continuous learning opportunities, and direct access to real-world security challenges across industries. Bugcrowd has also helped me build my reputation in the security community through leaderboard rankings, badges, and recognition. It’s not just a platform—it's a career path.
    Computer Software

    Amazing platform

    Reviewed on Jul 30, 2025
    Review provided by G2
    What do you like best about the product?
    TPM, colleagues, support
    Imagine what you want in view of support and you get it here
    What do you dislike about the product?
    Nothing is there which can be called as dislike
    What problems is the product solving and how is that benefiting you?
    As a product security engineer i don’t get much time to look into todays hack world, bugcrwod provides me with the clients who want applications to be tested and this is what make me feel back in the game
    Abdelrhman A.

    Bugcrowd Helps Me as a Full-Time Hunter

    Reviewed on Jul 30, 2025
    Review provided by G2
    What do you like best about the product?
    The triage quality is solid, response times are fair, and the platform doesn’t get in my way when I’m focused on practical impact. I also like that programs are often more receptive to critical exploit chains, not just single-issue bugs.
    What do you dislike about the product?
    Lack of asset clarity in some programs wastes time. I also wish analytics and submission filtering had more depth to support hunters who operate at scale.
    What problems is the product solving and how is that benefiting you?
    Bugcrowd bridges the gap between skilled hunters and companies with real attack surfaces. It gives me legal, structured access to targets I’d never get otherwise, and that turns raw exploit chains into paid outcomes.
    Kheman G.

    Review for G2 bugcrowd

    Reviewed on Aug 23, 2024
    Review provided by G2
    What do you like best about the product?
    It's it security architecture that I have studied especially the big bounty program
    What do you dislike about the product?
    They can have more such incentives and add more bounties that can help people and companies grow
    What problems is the product solving and how is that benefiting you?
    It can help me in catching bugs
    View all reviews