Crowdsourced security company Bugcrowd has released its Continuous Attack Surface Penetration Testing (CASPT) solution on the Bugcrowd Platform. The company says CASPT provides customers with a proactive security approach to continuously meet compliance goals and reduce their external risk asset exposure.
Continuous Attack Surface Penetration Testing is designed for customers who have an evolving attack surface but conduct pentesting only once or twice a year, which leaves assets in motion at risk of new threat exposure and the organisation unprepared to address it immediately.
Fewer than 10% of organisations have full visibility into their evolving attack surface, yet nearly 70% have been compromised through an unknown or poorly managed asset, which suggests that adversaries know more about an organisation's attack surface than its defenders do. Organisations need to understand ongoing risk across all digital assets in motion before attackers can exploit them.
With CASPT, users can run a baseline test and then share incremental changes about new and updated assets or threats with a curated team for testing as soon as changes are detected.
CASPT is enabled by Bugcrowd’s recent acquisition of Informer. This integration combines detailed asset data acquired through external attack surface management (EASM) with the massive amount of vulnerability information Bugcrowd has processed in the past twelve years to create new and unique value for customers and hackers on the platform.
Bugcrowd customers with managed bug bounty engagements will gain the ability to manually or dynamically update scope to account for new and updated assets. They can also kick off a new pentest or bug bounty engagement for specific assets directly from their EASM dashboards.
“Our long-term vision for our platform is to continuously give customers proactive, data-driven insights and recommendations so that they have eyes on their attack surface better than their adversaries do,” said Bugcrowd CEO Dave Gerry. “At the same time, our goal is to help the brilliant hackers on our platform acquire more skills and earn more rewards by matching them with engagements that precisely reflect their interests and experience. Our ability to bring rich EASM data into the Bugcrowd platform is an important milestone in this journey and we’re excited for what’s to come.”
“Attack surfaces are not static,” added Bugcrowd’s Vice President of Advanced Services Julian Brownlow Davies. “They are constantly expanding and shifting due to shadow IT, cloud adoption, multinational organisations, and M&A, making the manual tracking of digital assets an ongoing challenge. Continuous attack surface pen testing provides customers with a uniquely high level of assurance that both compliance and risk reduction goals are being met, continuously.”