Sold by: Bugcrowd
Bugcrowd frees organizations with a low tolerance for risk from the limits of status quo cybersecurity, including chronic talent shortages, reliance on noisy tools that breed false positives, and hidden vulnerabilities. Our platform helps organizations continuously reduce risk, meet compliance goals, and build stronger resilience by activating the world's most skilled ethical hackers, pentesters, and AI/LLM experts as an elastic resource for proactive security and safety testing. By providing curated expertise as a service along with unique crowdsource insights about vulnerabilities and assets, Bugcrowd helps innovative security and engineering teams outpace threat actors.
Bugcrowd has 12+ years of experience and 100s of customers in every industry, including OpenAI, National Australia Bank, Indeed, USAA, Twilio, and the US Department of Homeland Security.
Overview
Our multi-solution platform delivers (in any combination):
Penetration Testing as a Service The Bugcrowd Platform's modern Pen Testing as a Service (PTaaS) suite delivers fast, high-impact results for both compliance and risk reduction. Launch pen tests against any target within days with a pentester team designed for your needs, view prioritized findings and progress 24/7 in a rich dashboard, and flow issues into your DevSec workflows for remediation. (Pricing for Standard Pen Tests is shown below; for customized testing, contact us about a Plus Pen Test.)
Managed Bug Bounty Bugcrowd's platform-powered Managed Bug Bounty brings the right security researchers (the Crowd) into your workflows at the right time to find hidden flaws in the attack surface. The Bugcrowd Platform augments the bug bounty value proposition with AI-driven tester sourcing, engineered triage, and data-driven insights derived from a decade of experience across 1000s of customer experiences. (Contact us for pricing.)
Managed VDPs A vulnerability disclosure program (VDP) sets the rules of engagement for the public to submit vulnerability reports about public-facing assets and then coordinates how they're handled internally. Running on the Bugcrowd Platform (and selected by CISA as the VDP solution of record for US Federal civilian agencies), our managed VDPs provide intake channels, validation and triage, researcher relations, integration with your SDLC, and reporting. (Pricing for Basic VDP plans is shown below; contact us if you need more scale.)
Pricing for Standard Pen Tests and Basic VDP plans are shown in Pricing Information below. For pricing of other products, questions, or private offers, please contact us at partners@bugcrowd.com .
Highlights
- AI-powered crowd activation: Our platform uses data and AI to source and activate the right hackers/pentesters for your needs across 100s of dimensions, augmenting your team to continuously discover hidden critical vulnerabilities before attackers can exploit them
- Engineered triage: The Bugcrowd Platform treats triage as a core competency, rapidly removing noise and adding context for prioritization -- handling critical vulnerabilities within a single day, even during global incidents
- Rich analytics, reports, and recommendations: We've collected millions of data points about vulnerabilities, assets, and hacker skill set over a decade of experience to develop a deep Security Knowledge Graph that drives analytics, insights, recommendations, and AI models for continuous improvement
Details
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Dimension | Description | Cost/12 months |
|---|---|---|
VDP Basic 15 | Managed vulnerability disclosure program covering first 15 submissions | $3,588.00 |
VDP Basic 75 | Managed vulnerability disclosure program covering first 75 submissions | $11,988.00 |
Standard Pen Test - Small | For 1 low-complexity webapp, 50 active IPs, or 45 API endpoints | $5,000.00 |
Standard Pen Test - Medium | For 1 medium-complexity webapp, 100 active IPs, or 75 API endpoints | $8,000.00 |
Standard Pen Test - Large | For 1 high-complexity webapp, 256 active IPs, or 150 API endpoints | $15,000.00 |
Standard Pen Test - Cloud Configuration | For 1 AWS, Azure, or Google Cloud Project | $5,000.00 |
Standard Pen Test - Mobile App (1 Platform) | For 1 application (Android or iOS) | $8,000.00 |
Standard Pen Test - Mobile App (2 Platforms) | For 1 application (Android and iOS) | $13,000.00 |
Vendor refund policy
All fees are non-cancellable and non-refundable except as required by law.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Support
Vendor support
Our support team operates 9AM-5PM PT, Monday-Friday. All requests for support should be sent through the Bugcrowd Support ticketing portal:
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Ushahidi - Crowdsourcing Crisis Information by TurnKey GNU/Linux (HVM)
By TurnKey GNU/Linux
TurnKey Ushahidi helps save you time and money by providing a ready-to-run Ushahidi solution that is secure, supported and easy to maintain. The system auto-updates itself with security fixes and is built in a transparent 100% open source process free of hidden backdoors.
HackerOne Bounty
By HackerOne
Enterprises rely on Amazon Web Services (AWS) to deliver business-critical services to customers through a broadly distributed, stable platform that's trusted around the world. However, the cloud migration journey exposes digital assets to new categories of attacks that, if exploited, could cost millions and devalue your brand.
In a sea of automated and AI-powered security tools that miss critical vulnerabilities and produce a deluge of false positives, HackerOne Bounty connects your business to a legion of ethical hackers to outmatch cybercriminals with preemptive, and continuous security feedback. HackerOne’s diverse, global community of security experts provide the skills you need to find exploits specific to AWS applications by leveraging real-world attack patterns.
HackerOne Response
By HackerOne
Vulnerability Disclosure Programs tailored to your threat profile to create an open channel for third-parties to report potentially unknown and harmful vulnerabilities directly to your security team.
HackerOne Pentest
By HackerOne
As your organization's cloud footprint expands on AWS, you need to rely on up-to-date security coverage, regardless of how dynamic, distributed or abstracted your AWS environments become. Yet, pentesting is only effective if hard-to-identify vulnerabilities are discovered,
fixed, and validated before malicious attackers exploit them. To achieve meaningful security improvements, organizations need rapid, agile pentests that go beyond check-the-box compliance and eliminate the friction so common in traditional pentesting engagements.
Customer reviews
No customer reviews yet
Be the first to write a review for this product.