SlideShare ist ein Scribd-Unternehmen logo

Innovation Sandbox 2015: Bugcrowd

Casey Ellis
Casey Ellis

Bugcrowd’s Crowdcontrol management platform centralizes communication and submission triage between companies and security researchers around the world, letting them review, validate and reward researchers in a timely and organized fashion. Crowdcontrol streamlines the submissions in one place, and allows multiple analysts to easily mark and track statuses on its secure platform. https://www.rsaconference.com/industry-topics/video/innovation-sandbox-2015-bugcrowd

Technologie
1 von 10
Downloaden Sie, um offline zu lesen
Casey Ellis Founder and CEO Bugcrowd
© 2015 RSA Conference. All rights reserved. The defender’s dilemma is real 2 • Hacked • Stolen credentials • Hacked • Vulnerable web app • Hacked • Vulnerable web app • Hacked • Leaked credentials • Hacked • 80M Stolen SS
© 2015 RSA Conference. All rights reserved. The Solution • Large tech created bug bounties to level the playing field. • Bugcrowd brings crowdsourced security to everyone else. 3 v1 v2
© 2015 RSA Conference. All rights reserved. Crowdcontrol Platform 4 • The Crowdcontrol platform delivers enterprise grade communication and control between your team and security researchers
© 2015 RSA Conference. All rights reserved. Does it work? “Bugcrowd’s testers dig deeper in their testing than any testing previously done (either vendor provided or internally performed). ” David Levin, Director of Information Security at Western Union 5
© 2015 RSA Conference. All rights reserved. Researcher Adoption 6 33,128 Valid Submissions 726 P3 or Higher Security Vulns 211 Unknown P1’s $506,215.02 Paid Out Top Payout: $10,000
© 2015 RSA Conference. All rights reserved. Enterprise Ready Bugcrowd 7 • One platform • 16,000 researchers • Three offeringsFlex Flex Continuous Traditional Crowdcontrol Platform
© 2015 RSA Conference. All rights reserved. Core Team 8 Casey Ellis Founder and CEO 15+ years in infosec Former CSO Scriptrock Chris Raethke Founder and CTO Sold Rightcrowd to SAP Former Army Engineer Jonathan Cran VP Operations Built Metasploit QA program Former CTO Pwnie Express Brooke Motta VP Sales Took Rapid7 from $0 to $50M ARR Chris Tilton VP Marketing 17+ years in Infosec Previously: WhiteHat, Veracode, SPI Dynamics
© 2015 RSA Conference. All rights reserved. These brands (and others) trust Bugcrowd
© 2015 RSA Conference. All rights reserved. Questions? @caseyjohnellis https://bugcrowd.com casey@bugcrowd.com 10

Empfohlen

Hack The Capitol - The Unlikely Romance - Critical Infrastructure Edition
Hack The Capitol - The Unlikely Romance - Critical Infrastructure EditionHack The Capitol - The Unlikely Romance - Critical Infrastructure Edition
Hack The Capitol - The Unlikely Romance - Critical Infrastructure EditionCasey Ellis
 
Release The Hounds: Part 2 “11 Years Is A Long Ass Time”
Release The Hounds: Part 2 “11 Years Is A Long Ass Time”Release The Hounds: Part 2 “11 Years Is A Long Ass Time”
Release The Hounds: Part 2 “11 Years Is A Long Ass Time”Casey Ellis
 
CVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowd
CVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowdCVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowd
CVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowdCasey Ellis
 
Bug bounty or beg bounty?
Bug bounty or beg bounty?Bug bounty or beg bounty?
Bug bounty or beg bounty?Casey Ellis
 
ACRNA Webinar #5: Cyber Security – The Unlikely Romance
ACRNA Webinar #5: Cyber Security – The Unlikely RomanceACRNA Webinar #5: Cyber Security – The Unlikely Romance
ACRNA Webinar #5: Cyber Security – The Unlikely RomanceCasey Ellis
 
Corncon 2021 - Inside the Unlikely Romance
Corncon 2021 - Inside the Unlikely RomanceCorncon 2021 - Inside the Unlikely Romance
Corncon 2021 - Inside the Unlikely RomanceCasey Ellis
 
#AusCERT2021 - Inside The Unlikely Romance Crowdsourced Security from a Finan...
#AusCERT2021 - Inside The Unlikely Romance Crowdsourced Security from a Finan...#AusCERT2021 - Inside The Unlikely Romance Crowdsourced Security from a Finan...
#AusCERT2021 - Inside The Unlikely Romance Crowdsourced Security from a Finan...Casey Ellis
 
RELEASE THE HOUNDS, PART 2: 9 YEARS IS A LONG ASS TIME
RELEASE THE HOUNDS, PART 2: 9 YEARS IS A LONG ASS TIMERELEASE THE HOUNDS, PART 2: 9 YEARS IS A LONG ASS TIME
RELEASE THE HOUNDS, PART 2: 9 YEARS IS A LONG ASS TIMECasey Ellis
 

Empfohlen

Hack The Capitol - The Unlikely Romance - Critical Infrastructure Edition
Hack The Capitol - The Unlikely Romance - Critical Infrastructure EditionHack The Capitol - The Unlikely Romance - Critical Infrastructure Edition
Hack The Capitol - The Unlikely Romance - Critical Infrastructure EditionCasey Ellis
 
Release The Hounds: Part 2 “11 Years Is A Long Ass Time”
Release The Hounds: Part 2 “11 Years Is A Long Ass Time”Release The Hounds: Part 2 “11 Years Is A Long Ass Time”
Release The Hounds: Part 2 “11 Years Is A Long Ass Time”Casey Ellis
 
CVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowd
CVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowdCVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowd
CVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowdCasey Ellis
 
Bug bounty or beg bounty?
Bug bounty or beg bounty?Bug bounty or beg bounty?
Bug bounty or beg bounty?Casey Ellis
 
ACRNA Webinar #5: Cyber Security – The Unlikely Romance
ACRNA Webinar #5: Cyber Security – The Unlikely RomanceACRNA Webinar #5: Cyber Security – The Unlikely Romance
ACRNA Webinar #5: Cyber Security – The Unlikely RomanceCasey Ellis
 
Corncon 2021 - Inside the Unlikely Romance
Corncon 2021 - Inside the Unlikely RomanceCorncon 2021 - Inside the Unlikely Romance
Corncon 2021 - Inside the Unlikely RomanceCasey Ellis
 
#AusCERT2021 - Inside The Unlikely Romance Crowdsourced Security from a Finan...
#AusCERT2021 - Inside The Unlikely Romance Crowdsourced Security from a Finan...#AusCERT2021 - Inside The Unlikely Romance Crowdsourced Security from a Finan...
#AusCERT2021 - Inside The Unlikely Romance Crowdsourced Security from a Finan...Casey Ellis
 
RELEASE THE HOUNDS, PART 2: 9 YEARS IS A LONG ASS TIME
RELEASE THE HOUNDS, PART 2: 9 YEARS IS A LONG ASS TIMERELEASE THE HOUNDS, PART 2: 9 YEARS IS A LONG ASS TIME
RELEASE THE HOUNDS, PART 2: 9 YEARS IS A LONG ASS TIMECasey Ellis
 
KEYNOTE: Nullcon 2021 - Security Research and Disclosure - The Unauthorized B...
KEYNOTE: Nullcon 2021 - Security Research and Disclosure - The Unauthorized B...KEYNOTE: Nullcon 2021 - Security Research and Disclosure - The Unauthorized B...
KEYNOTE: Nullcon 2021 - Security Research and Disclosure - The Unauthorized B...Casey Ellis
 
TechCrunch Early Stage 2020 - How to prioritize security at your startup
TechCrunch Early Stage 2020 - How to prioritize security at your startupTechCrunch Early Stage 2020 - How to prioritize security at your startup
TechCrunch Early Stage 2020 - How to prioritize security at your startupCasey Ellis
 
GRIMMCon: disclose.io - Taking the Internet's Immune System to the Next Level
GRIMMCon: disclose.io - Taking the Internet's Immune System to the Next LevelGRIMMCon: disclose.io - Taking the Internet's Immune System to the Next Level
GRIMMCon: disclose.io - Taking the Internet's Immune System to the Next LevelCasey Ellis
 
KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...
KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...
KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...Casey Ellis
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselCasey Ellis
 
Full Disclosure Debate - NBT 5
Full Disclosure Debate - NBT 5Full Disclosure Debate - NBT 5
Full Disclosure Debate - NBT 5Casey Ellis
 
KEYNOTE: The Unlikely Romance: Part 2 - What Now?
KEYNOTE: The Unlikely Romance: Part 2 - What Now?KEYNOTE: The Unlikely Romance: Part 2 - What Now?
KEYNOTE: The Unlikely Romance: Part 2 - What Now?Casey Ellis
 
Webinar kym-casey-bug bounty tipping point webcast - po edits
Webinar kym-casey-bug bounty tipping point webcast - po editsWebinar kym-casey-bug bounty tipping point webcast - po edits
Webinar kym-casey-bug bounty tipping point webcast - po editsCasey Ellis
 
NodeSummit 2016 - WELCOME TO THE BLUE TEAM! CREATING “OH SHIT” MOMENTS FOR FU...
NodeSummit 2016 - WELCOME TO THE BLUE TEAM! CREATING “OH SHIT” MOMENTS FOR FU...NodeSummit 2016 - WELCOME TO THE BLUE TEAM! CREATING “OH SHIT” MOMENTS FOR FU...
NodeSummit 2016 - WELCOME TO THE BLUE TEAM! CREATING “OH SHIT” MOMENTS FOR FU...Casey Ellis
 
AppSecUSA - Your License for Bug Hunting Season
AppSecUSA - Your License for Bug Hunting SeasonAppSecUSA - Your License for Bug Hunting Season
AppSecUSA - Your License for Bug Hunting SeasonCasey Ellis
 
ISSA CISO Summit 2017 - AN UNLIKELY ROMANCE THE CURRENT STATE OF BUG BOUNTIES
ISSA CISO Summit 2017 - AN UNLIKELY ROMANCE THE CURRENT STATE OF BUG BOUNTIESISSA CISO Summit 2017 - AN UNLIKELY ROMANCE THE CURRENT STATE OF BUG BOUNTIES
ISSA CISO Summit 2017 - AN UNLIKELY ROMANCE THE CURRENT STATE OF BUG BOUNTIESCasey Ellis
 
Introducing Bugcrowd
Introducing BugcrowdIntroducing Bugcrowd
Introducing BugcrowdCasey Ellis
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...Casey Ellis
 
AusCERT 2016 - An Unlikely Romance: The Current State of Bug Bounties
AusCERT 2016 - An Unlikely Romance: The Current State of Bug BountiesAusCERT 2016 - An Unlikely Romance: The Current State of Bug Bounties
AusCERT 2016 - An Unlikely Romance: The Current State of Bug BountiesCasey Ellis
 
Enigma 2018 - Combining the Power of Builders and Breakers
Enigma 2018 - Combining the Power of Builders and BreakersEnigma 2018 - Combining the Power of Builders and Breakers
Enigma 2018 - Combining the Power of Builders and BreakersCasey Ellis
 
Welcome to the blue team! How building a better hacker accidentally built a b...
Welcome to the blue team! How building a better hacker accidentally built a b...Welcome to the blue team! How building a better hacker accidentally built a b...
Welcome to the blue team! How building a better hacker accidentally built a b...Casey Ellis
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 

Weitere ähnliche Inhalte

Mehr von Casey Ellis

KEYNOTE: Nullcon 2021 - Security Research and Disclosure - The Unauthorized B...
KEYNOTE: Nullcon 2021 - Security Research and Disclosure - The Unauthorized B...KEYNOTE: Nullcon 2021 - Security Research and Disclosure - The Unauthorized B...
KEYNOTE: Nullcon 2021 - Security Research and Disclosure - The Unauthorized B...Casey Ellis
 
TechCrunch Early Stage 2020 - How to prioritize security at your startup
TechCrunch Early Stage 2020 - How to prioritize security at your startupTechCrunch Early Stage 2020 - How to prioritize security at your startup
TechCrunch Early Stage 2020 - How to prioritize security at your startupCasey Ellis
 
GRIMMCon: disclose.io - Taking the Internet's Immune System to the Next Level
GRIMMCon: disclose.io - Taking the Internet's Immune System to the Next LevelGRIMMCon: disclose.io - Taking the Internet's Immune System to the Next Level
GRIMMCon: disclose.io - Taking the Internet's Immune System to the Next LevelCasey Ellis
 
KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...
KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...
KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...Casey Ellis
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselCasey Ellis
 
Full Disclosure Debate - NBT 5
Full Disclosure Debate - NBT 5Full Disclosure Debate - NBT 5
Full Disclosure Debate - NBT 5Casey Ellis
 
KEYNOTE: The Unlikely Romance: Part 2 - What Now?
KEYNOTE: The Unlikely Romance: Part 2 - What Now?KEYNOTE: The Unlikely Romance: Part 2 - What Now?
KEYNOTE: The Unlikely Romance: Part 2 - What Now?Casey Ellis
 
Webinar kym-casey-bug bounty tipping point webcast - po edits
Webinar kym-casey-bug bounty tipping point webcast - po editsWebinar kym-casey-bug bounty tipping point webcast - po edits
Webinar kym-casey-bug bounty tipping point webcast - po editsCasey Ellis
 
NodeSummit 2016 - WELCOME TO THE BLUE TEAM! CREATING “OH SHIT” MOMENTS FOR FU...
NodeSummit 2016 - WELCOME TO THE BLUE TEAM! CREATING “OH SHIT” MOMENTS FOR FU...NodeSummit 2016 - WELCOME TO THE BLUE TEAM! CREATING “OH SHIT” MOMENTS FOR FU...
NodeSummit 2016 - WELCOME TO THE BLUE TEAM! CREATING “OH SHIT” MOMENTS FOR FU...Casey Ellis
 
AppSecUSA - Your License for Bug Hunting Season
AppSecUSA - Your License for Bug Hunting SeasonAppSecUSA - Your License for Bug Hunting Season
AppSecUSA - Your License for Bug Hunting SeasonCasey Ellis
 
ISSA CISO Summit 2017 - AN UNLIKELY ROMANCE THE CURRENT STATE OF BUG BOUNTIES
ISSA CISO Summit 2017 - AN UNLIKELY ROMANCE THE CURRENT STATE OF BUG BOUNTIESISSA CISO Summit 2017 - AN UNLIKELY ROMANCE THE CURRENT STATE OF BUG BOUNTIES
ISSA CISO Summit 2017 - AN UNLIKELY ROMANCE THE CURRENT STATE OF BUG BOUNTIESCasey Ellis
 
Introducing Bugcrowd
Introducing BugcrowdIntroducing Bugcrowd
Introducing BugcrowdCasey Ellis
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...Casey Ellis
 
AusCERT 2016 - An Unlikely Romance: The Current State of Bug Bounties
AusCERT 2016 - An Unlikely Romance: The Current State of Bug BountiesAusCERT 2016 - An Unlikely Romance: The Current State of Bug Bounties
AusCERT 2016 - An Unlikely Romance: The Current State of Bug BountiesCasey Ellis
 
Enigma 2018 - Combining the Power of Builders and Breakers
Enigma 2018 - Combining the Power of Builders and BreakersEnigma 2018 - Combining the Power of Builders and Breakers
Enigma 2018 - Combining the Power of Builders and BreakersCasey Ellis
 
Welcome to the blue team! How building a better hacker accidentally built a b...
Welcome to the blue team! How building a better hacker accidentally built a b...Welcome to the blue team! How building a better hacker accidentally built a b...
Welcome to the blue team! How building a better hacker accidentally built a b...Casey Ellis
 

Mehr von Casey Ellis (16)

KEYNOTE: Nullcon 2021 - Security Research and Disclosure - The Unauthorized B...
KEYNOTE: Nullcon 2021 - Security Research and Disclosure - The Unauthorized B...KEYNOTE: Nullcon 2021 - Security Research and Disclosure - The Unauthorized B...
KEYNOTE: Nullcon 2021 - Security Research and Disclosure - The Unauthorized B...
 
TechCrunch Early Stage 2020 - How to prioritize security at your startup
TechCrunch Early Stage 2020 - How to prioritize security at your startupTechCrunch Early Stage 2020 - How to prioritize security at your startup
TechCrunch Early Stage 2020 - How to prioritize security at your startup
 
GRIMMCon: disclose.io - Taking the Internet's Immune System to the Next Level
GRIMMCon: disclose.io - Taking the Internet's Immune System to the Next LevelGRIMMCon: disclose.io - Taking the Internet's Immune System to the Next Level
GRIMMCon: disclose.io - Taking the Internet's Immune System to the Next Level
 
KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...
KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...
KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 
Full Disclosure Debate - NBT 5
Full Disclosure Debate - NBT 5Full Disclosure Debate - NBT 5
Full Disclosure Debate - NBT 5
 
KEYNOTE: The Unlikely Romance: Part 2 - What Now?
KEYNOTE: The Unlikely Romance: Part 2 - What Now?KEYNOTE: The Unlikely Romance: Part 2 - What Now?
KEYNOTE: The Unlikely Romance: Part 2 - What Now?
 
Webinar kym-casey-bug bounty tipping point webcast - po edits
Webinar kym-casey-bug bounty tipping point webcast - po editsWebinar kym-casey-bug bounty tipping point webcast - po edits
Webinar kym-casey-bug bounty tipping point webcast - po edits
 
NodeSummit 2016 - WELCOME TO THE BLUE TEAM! CREATING “OH SHIT” MOMENTS FOR FU...
NodeSummit 2016 - WELCOME TO THE BLUE TEAM! CREATING “OH SHIT” MOMENTS FOR FU...NodeSummit 2016 - WELCOME TO THE BLUE TEAM! CREATING “OH SHIT” MOMENTS FOR FU...
NodeSummit 2016 - WELCOME TO THE BLUE TEAM! CREATING “OH SHIT” MOMENTS FOR FU...
 
AppSecUSA - Your License for Bug Hunting Season
AppSecUSA - Your License for Bug Hunting SeasonAppSecUSA - Your License for Bug Hunting Season
AppSecUSA - Your License for Bug Hunting Season
 
ISSA CISO Summit 2017 - AN UNLIKELY ROMANCE THE CURRENT STATE OF BUG BOUNTIES
ISSA CISO Summit 2017 - AN UNLIKELY ROMANCE THE CURRENT STATE OF BUG BOUNTIESISSA CISO Summit 2017 - AN UNLIKELY ROMANCE THE CURRENT STATE OF BUG BOUNTIES
ISSA CISO Summit 2017 - AN UNLIKELY ROMANCE THE CURRENT STATE OF BUG BOUNTIES
 
Introducing Bugcrowd
Introducing BugcrowdIntroducing Bugcrowd
Introducing Bugcrowd
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
 
AusCERT 2016 - An Unlikely Romance: The Current State of Bug Bounties
AusCERT 2016 - An Unlikely Romance: The Current State of Bug BountiesAusCERT 2016 - An Unlikely Romance: The Current State of Bug Bounties
AusCERT 2016 - An Unlikely Romance: The Current State of Bug Bounties
 
Enigma 2018 - Combining the Power of Builders and Breakers
Enigma 2018 - Combining the Power of Builders and BreakersEnigma 2018 - Combining the Power of Builders and Breakers
Enigma 2018 - Combining the Power of Builders and Breakers
 
Welcome to the blue team! How building a better hacker accidentally built a b...
Welcome to the blue team! How building a better hacker accidentally built a b...Welcome to the blue team! How building a better hacker accidentally built a b...
Welcome to the blue team! How building a better hacker accidentally built a b...
 

Kürzlich hochgeladen

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Principled Technologies
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 

Kürzlich hochgeladen (20)

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 

Innovation Sandbox 2015: Bugcrowd

  • 1. Casey Ellis Founder and CEO Bugcrowd
  • 2. © 2015 RSA Conference. All rights reserved. The defender’s dilemma is real 2 • Hacked • Stolen credentials • Hacked • Vulnerable web app • Hacked • Vulnerable web app • Hacked • Leaked credentials • Hacked • 80M Stolen SS
  • 3. © 2015 RSA Conference. All rights reserved. The Solution • Large tech created bug bounties to level the playing field. • Bugcrowd brings crowdsourced security to everyone else. 3 v1 v2
  • 4. © 2015 RSA Conference. All rights reserved. Crowdcontrol Platform 4 • The Crowdcontrol platform delivers enterprise grade communication and control between your team and security researchers
  • 5. © 2015 RSA Conference. All rights reserved. Does it work? “Bugcrowd’s testers dig deeper in their testing than any testing previously done (either vendor provided or internally performed). ” David Levin, Director of Information Security at Western Union 5
  • 6. © 2015 RSA Conference. All rights reserved. Researcher Adoption 6 33,128 Valid Submissions 726 P3 or Higher Security Vulns 211 Unknown P1’s $506,215.02 Paid Out Top Payout: $10,000
  • 7. © 2015 RSA Conference. All rights reserved. Enterprise Ready Bugcrowd 7 • One platform • 16,000 researchers • Three offeringsFlex Flex Continuous Traditional Crowdcontrol Platform
  • 8. © 2015 RSA Conference. All rights reserved. Core Team 8 Casey Ellis Founder and CEO 15+ years in infosec Former CSO Scriptrock Chris Raethke Founder and CTO Sold Rightcrowd to SAP Former Army Engineer Jonathan Cran VP Operations Built Metasploit QA program Former CTO Pwnie Express Brooke Motta VP Sales Took Rapid7 from $0 to $50M ARR Chris Tilton VP Marketing 17+ years in Infosec Previously: WhiteHat, Veracode, SPI Dynamics
  • 9. © 2015 RSA Conference. All rights reserved. These brands (and others) trust Bugcrowd
  • 10. © 2015 RSA Conference. All rights reserved. Questions? @caseyjohnellis https://bugcrowd.com casey@bugcrowd.com 10