Bugcrowd launches CASPT solution to enhance security insights
Bugcrowd has announced the introduction of its Continuous Attack Surface Penetration Testing (CASPT) solution on the Bugcrowd Platform, aimed at providing customers with a proactive approach to security. The CASPT solution is designed to help organisations achieve continuous compliance and reduce their exposure to external risks.
The CASPT solution addresses the security needs of organisations with dynamic attack surfaces, typically those that conduct penetration testing only once or twice annually, thereby leaving assets vulnerable to new threats. With CASPT, users can conduct an initial baseline test and subsequently share updates on new and modified assets or threats with a specialised team for immediate testing.
Industry data shows that fewer than 10% of organisations have comprehensive visibility of their evolving attack surfaces, whereas nearly 70% have faced compromises due to unknown or poorly managed assets. This suggests that attackers often have better insight into an organisation's attack surface than its own defenders. To mitigate this risk, organisations need a continuous understanding of their changing digital assets before malicious actors can exploit them.
The CASPT solution is underpinned by Bugcrowd's recent acquisition of Informer, a provider of external attack surface management (EASM) and continuous penetration testing services. This integration merges detailed asset data obtained through EASM with extensive vulnerability information that Bugcrowd has accumulated over the past twelve years, thereby delivering enhanced value to both customers and hackers on the platform.
Customers using Bugcrowd's managed bug bounty programmes will now be able to manually or dynamically update their scope to incorporate new and updated assets. Furthermore, they can initiate new penetration tests or bug bounty engagements for specific assets directly from their EASM dashboards.
"Our long-term vision for our platform is to continuously give customers proactive, data-driven insights and recommendations so that they have eyes on their attack surface better than their adversaries do," stated Dave Gerry, Chief Executive Officer of Bugcrowd. "At the same time, our goal is to help the brilliant hackers on our platform acquire more skills and earn more rewards by matching them with engagements that precisely reflect their interests and experience. Our ability to bring rich EASM data into the Bugcrowd platform is an important milestone in this journey and we're excited for what's to come."
Bugcrowd offers a unified platform for EASM, EASM-enriched penetration testing, and EASM-enriched crowdsourced testing. While standalone EASM providers, crowdsourcing providers, and traditional penetration test providers offer parts of the solution, Bugcrowd provides a comprehensive approach.
"Attack surfaces are not static—they are constantly expanding and shifting due to shadow IT, cloud adoption, multinational organisations, and mergers and acquisitions, making the manual tracking of digital assets an ongoing challenge," said Julian Brownlow Davies, Vice President of Advanced Services at Bugcrowd.
"Continuous Attack Surface Pen Testing provides customers with a uniquely high level of assurance that both compliance and risk reduction goals are being met, continuously. Our mission is to be a trusted partner providing proactive, data-driven insights that will arm them with what they need to defend their organisations."