Reviews from AWS customer
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
51 reviews
from
External reviews are not included in the AWS star rating for the product.
On Demand Programs - Hit or Miss
What do you like best about the product?
Having a lot of different security researchers working on performing penetration tests on your website is helpful. A lot of different minds working on different things helps get a broader scope in a shorter amount of time. Pricing is reasonable and straight forward. The program moderators help with validating found vulnerabilities and communicating with the researchers.
What do you dislike about the product?
The moderator that is assigned to your project make be all the difference between a good and bad on demand program. One program can result in a lot of results, and the next can be very few.
What problems is the product solving and how is that benefiting you?
Traditional Penetration Testing can be very expensive. Crowd sourcing the testing is much more efficient, we have seen better results in the long run, and has cost us a fraction of the cost.
Recommendations to others considering the product:
Before jumping into a program, make sure that you have a good moderator who is going to help find good researchers. Just having a lot of researchers/invites to your program doesn't mean that you are going to have quality researchers. If you have experience with certain researchers in the past doing a good job, or a bad job, make sure you let your moderator know so they can make a specific invite or to not invite, respectively.
Bugcrowd protects you from all kind of security threats
What do you like best about the product?
It's price affordable in price and it's awesome user interface
What do you dislike about the product?
every thing looks perfect for our needs..
What problems is the product solving and how is that benefiting you?
nope not yet, we have not found any major issues.
Recommendations to others considering the product:
It's is an awesome tool makes development tracks and authentication
This is so innovative!
What do you like best about the product?
The fact that it isn't a one size fits all platform. When you crowdsource your cybersecurity, there are new sets of eyes available all the time.
What do you dislike about the product?
The platform can be a bit overwhelming at times. There is so much to look at and understand - just the basic premise took us a while to understand.
What problems is the product solving and how is that benefiting you?
Keeping everything safe and secure for a smaller company.
Recommendations to others considering the product:
It is a bit overwhelming at first but it clicks all of a sudden on how they are disrupting the cyber industry to really make it work.
Great app for contact
What do you like best about the product?
Continuous coverage surfaces more critical vulnerabilities
Automated workflows and remediation advice empower DevOps
Advanced analytics connect the right security skills to every project
Automated workflows and remediation advice empower DevOps
Advanced analytics connect the right security skills to every project
What do you dislike about the product?
No dislike but they are providing less feature
What problems is the product solving and how is that benefiting you?
Fixxing Webapp bugs and enhancing security
Recommendations to others considering the product:
Great app in using the bugcrowd
Indifferent
What do you like best about the product?
BugCrowd has managed to find a few issues that have managed to slip by me. The issues that were found though happened to be low priority. Good news.
What do you dislike about the product?
I don't really have a strong negative opinion, other than it can be somewhat expensive. I can say though that it was a little tricky with handing over information to ethical hackers whom I did not know or trust. I also realize bugcrowd's services are a little mediocre and are really great at assuring you that you at least have some sort of bug bounty program; quality of service is a little questionable though.
What problems is the product solving and how is that benefiting you?
Bug bounty programs are assiduous at demonstrating attentiveness beyond standard analysis and penetration.
Recommendations to others considering the product:
To those considering bugcrowd, I would say that you're headed in the right direction. From a personal standpoint, I've had nothing but a positive experience from bugcrowd. Bugcrowd really does bring peace of mind to you knowing that you're being proactive to protect your IP. Overall, bugcrowd does a fantastic job. I'd say the only real downside is the price tag.
Extremely disappointed with with Support and Ops Management.
What do you like best about the product?
Over the 5 months I have been using their program I did not see material results until month 4. In that month they were all very low priority bugs, some worth fixing, some not.
What do you dislike about the product?
At the end of Q2 2018 I contacted a sales rep at Bugcrowd to see if they were able to do a price cut to hit sales numbers. They obliged and gave me a great deal. The handoff to the Solutions Architect was smooth but soon after working with him I started to see the problems. I had very explicit scope I did not want tested. This scope was immediately ignored by the solutions architect and every single person I dealt with after. The scope was very explicit not to make new accounts, but to use the ones created for them. Multiple internal Bugcrowd employees ignored my request, and then followed by multiple researchers who had this scope explicit in their req. I let them know every time they didn’t follow this process, informing them it is not acceptable as they were entering our sales channels. I informed them if it continued to happen, that the benefit of using Bugcrowd would be outweighed by the negatives of researchers not following this outlined process. I then informed Bugcrowd if it continued to happen I will request a refund. The issue continued so I requested a pro-rated refund. I was denied and then was asked if I could do something on my end to prevent their process of not following directions. I informed Bugcrowd to pause the program because it doesn’t make sense for me to hardcode around their email addresses for their own lack of control and that the Bugcrowd platform from now moving forward has no use to me.
I do not recommend their products if you want anything more than a rubber stamp of having a ‘bug bounty program.’
I do not recommend their products if you want anything more than a rubber stamp of having a ‘bug bounty program.’
What problems is the product solving and how is that benefiting you?
I wanted to use Bugcrowd for security testing. Was very disappointed when I had to cancel the program for their lack of following directions and inability to control their own researchers.
Recommendations to others considering the product:
Wait until the end of a quarter to negotiate if you are dead-set on using them.
Manage your connection with the best security researchers in the world
What do you like best about the product?
Bugcrowd helps you improve your security posture by linking you with some of the best security researchers in the world. There are so many unknowns about running a bug bounty program and the relationships with researchers that BugCrowd help you become familiar with and guide you into getting the best results out of your company. While anyone can run a bug bounty program on their own, the BugCrowd team is where the value comes from and their help is invaluable.
What do you dislike about the product?
The program can be expensive. But as long as you have your processes in place and internal teams on board to deliver valuable content to the program, you will make your monies worth.
What problems is the product solving and how is that benefiting you?
Bugcrowd allows us to get more eyes and better coverage over our systems from a security view.
The Right Choice
What do you like best about the product?
The best part of my many positive experiences with Bugcrowd has been with the triage team. Based on their diligence with confirming, duplicating researcher findings, working with those researchers and finally working with us has built trust to the point that I can take and work from Bugcrowd's reports at face value. I 100% trust that the triage team is working to our benefit and challenging researchers when things that are found don't quite add up.
What do you dislike about the product?
Not so much a dislike but my initial thought in working with Bugcrowd was from the standpoint of reservation. I was worried about handing over our web applications for the purpose of intentionally trying to exploit flaws and the fear of the unknown for what could happen with ethical hackers that we neither knew nor trusted. Those concerns were put to rest within days of the team reaching out to us and through scheduled status/progress meetings. Bugcrowd "invites" researchers they trust and because I have grown to trust Bugcrowd I trust their researchers by extension.
What problems is the product solving and how is that benefiting you?
Our goals are two fold, 1) Protect our customer's information and 2) not be in a position that we ever have to explain to the public or our board of directors why we didn't do everything we possibly could to complete the first goal.
Recommendations to others considering the product:
Our experience has been very positive with the Bugcrowd platform, team and campaigns we engaged them for. Best case is their team of researchers find little to nothing wrong with what they're testing and you get the peace of mind knowing you've done what you could to protect your IP. Worst case is you get to see exactly right down to the smallest detail what you can do better to achieve that peace of mind. Bugcrowd provides a service that I am proud to report statuses back to our leadership team with.
Great program for due dilligence above and beyond standard testing
What do you like best about the product?
BugCrowd has found multiple serious issues that have managed to slip by our scanning and procedure based testing. The CrowdControl portal makes it easy to manage programs for a large number of applications like we have given our extensive online presence.
What do you dislike about the product?
It can be difficult to setup a large number of accounts for testing - not sure that's specific to BugCrowd but it is a difficulty of running Bug Bounties whether they be long or short. There have also been elements of the Bug Crowd portal that haven't worked well but have been addressed over the course of this year.
What problems is the product solving and how is that benefiting you?
Bug Bounty programs are used to demonstrate due diligence above and beyond standard static analysis, open source scanning, dynamic scanning and penetration testing.
Crowdsource your security vulnerabilities
What do you like best about the product?
Bugcrowd allows you to tap the expertise of many professionals to root out vulnerabilities in your work. I find this invaluable, as having developers security check their own code is prone to error. I find it to be a great way to discover problems rapidly and allow my teams to work on what they're good at.
What do you dislike about the product?
While highly effective, the service can be expensive, especially for small, internally-facing code. For a higher level project, it's worth it, though.
What problems is the product solving and how is that benefiting you?
Save time trying to discover security vulnerabilities with the in-house team. More effective discovery.
showing 41 - 50