Name: The State of Vulnerability Discovery — How Bug Bounties Are Making a Difference
Start: 2016-10-22T02:15:00Z
End: 2016-10-22T03:17:32.000Z
Location: BrightTALK
Rating: 0

Bugcrowd is the force multiplier in cybersecurity, providing access to a global network of ethical hackers who help organizations maximize the impact of their security defenses. Top Fortune 500 organizations trust Bugcrowd to manage their Penetration Test, Bug Bounty, Vulnerability Disclosure, and Attack Surface Management programs. Bugcrowd helps organizations identify and fix vulnerabilities, protect customers, and make the digitally connected world a safer place.

Organizations are moving workloads to the cloud to improve efficiency and competitive advantage. Yet, as new cloud apps and services emerge, unprotected attack surfaces expand.

The real dilemma: it’s getting harder to find the right cloud security expertise to ensure users and data are protected across multi-cloud environments.

This new webinar helps you take this daunting challenge head on. It details key insights on a modern security platform approach that harnesses crowdsourced security expertise to help you protect your cloud before attacks happen.

Attend and learn how to:

1. Leverage smart crowdsourcing and solve your cloud security skills gap
2. Meet aggressive cloud code deadlines without creating vulnerabilities
3. Manage fewer security vendors while increasing cloud risk reduction
4. Utilize a platform-driven crowd security solution to prevent cloud attacks

Scaling Cloud Security Using a Multi-solution Crowdsourced Security Platform

Social engineering is now one of the most common attack vectors in cybersecurity, with everyone from individuals to multinational corporations being targets. Without proper awareness and practices, even the most seemingly minor divulsion of information can lead to a catastrophic exploit by a skilled attacker.

In our latest Crowd Café webinar episode, Casey Ellis, Bugcrowd’s Chairman, Founder and CTO, was joined by Rachel Tobac, Co-founder and CEO of SocialProof Security, and an expert practitioner in social engineering hacks and how to prevent them.

During the webinar, Casey and Rachel discussed:

- How digital transformation has raised the stakes for social engineering risk
- What organizations can and should do to protect their customers and employees
- Rachel’s real life hacking stories from the field

There was also an open “Ask Me Anything” (AMA) session at the conclusion of the webinar.

Crowd Café: Social Engineering AMA with Rachel Tobac

Dramatic cultural shifts are taking place within the government. With the growing development of connected systems and a shortage of skills and time to protect them, this webinar explores how the government is connecting with security researchers all around the world to help secure those critical systems.

In this joint Carahsoft and Bugcrowd webinar, you’ll hear Justin Beachler, Bugcrowd’s Director, Trust and Security, discuss:

✓ How the changing landscape of remote work is affecting how we approach security
✓ The benefits of specializations beyond the walls of government
✓ How we level the playing field in terms of attackers and defenders
✓ How to secure your critical systems

Bugcrowd, How the Government is Partnering with an Ethical Army

Crowdsourced security has its roots in the bug bounty movement, which emerged years ago. Since then, it's become much more versatile, enhancing numerous security workflows (pen testing, ASM, etc.), and for many adopters, joining the mainstream development lifecycle.

In this webinar, you'll learn:

- About integrating crowdsourcing with your existing dev and security processes
- Modern use cases for crowdsourced security that go beyond bug bounty
- The difference between generalist crowds and curated crowds
- How it contributes to continuous, shift-left security

DBT Crowdsourced Security and DevOps: A Few Things You Probably Didn't Know

Use cases for crowdsourcing have multiplied since the bug bounty was invented years ago, enhancing everything from pen testing to asset risk analysis. But with these additional opportunities, as well as a huge expansion in the complexity of attack surfaces, it’s now critical to have access to the right trusted experts, for the right problems, at the right times.

In this episode in our “Meet the Experts” series, Bugcrowd’s Director of Product Management, Farzad Eskafi, will explain:

- The differences between generalist and precisely curated crowds
- How Bugcrowd thinks about crowd matching and activation, and how they’re implemented in the platform
- Why precisely curated crowds lead to better findings and results

Meet the Experts: Activating the Right Crowd at the Right Time

SANS and Bugcrowd recently partnered up for a webinar which explored the versatility of crowdsourced security and the bug bounty movement.

During the webinar SANS Certified Instructor and Author, Jorge Orchilles, and Bugcrowd’s Manager of Solutions Architecture, Kevin Hemmingsen, discussed:

- Modern use cases for crowdsourced security that go beyond bug bounty
- The difference between generalist crowds and curated crowds
- How crowdsourced security contributes to continuous, shift-left security
- How to think about integrating crowdsourcing with your existing dev and security processes

Crowdsourced Security and DevOps: A Few Things You Probably Didn't Know

In this Infosecurity webinar sponsored by Bugcrowd, an expert panel, including Bugcrowd’s Chairman, Founder and CTO Casey Ellis, discuss the need for security teams to prioritize the most important areas of their organizations. Security teams should also seek outside help, leveraging the skills of crowdsourced white hat hackers, to identify the new vulnerabilities across their networks.

The expert panel also discusses:

-The evolving threat landscape and expected trends for 2022
-The importance of adopting a risk-based approach
-The growth of crowdsourced security and how it works

Evolving your security strategy to challenges of 2022

Lessons have been learned from the Log4Shell vulnerability. But what is next? Another vulnerability discovery, rushing to understand it and trying to remediate it. With digital transformation showing no signs of slowing in 2022, organizations need to evolve their security practices along with the current landscape. Static vulnerability scanning, traditional penetration testing are not effective. Platform-powered crowdsourcing, where the crowd and the platform are foundational, is the approach organizations need to take when it comes to security maturity.

Hear from Bugcrowd’s Justin Beachler, Dir. of Trust & Security at Bugcrowd, as he is on the front lines helping organizations evolve their security strategy by adopting a platform-powered crowdsourcing approach to navigate through the uncharted waters of crowdsourced security.

Navigating the Uncharted Waters of Crowdsourced Security

The recently discovered Log4j vulnerability (“The vuln that stole Christmas”) was a massive wake-up call. Now that we have the benefit of security researcher report data compiled over the last few months, we can draw some conclusions about what happened and why. 
In this keynote session, you’ll learn:

-What those reports tell us about how the incident unfolded
-Why this incident constitutes a new class of vulnerability, and why that matters
-Whether we should think about open source software vulnerability management differently now

What We Learned From The Log4j Vuln

Penetration testing as you know it is broken: It’s too slow, limited, cumbersome, and noisy. The result? Poor results, including late or incomplete reports and missed vulnerabilities, and lackluster ROI.
 
Attend this “Meet the Experts” webinar on Thursday, Feb. 17, to hear from Bugcrowd's Director of Product, Kaushik Srinivas explain Bugcrowd’s vision for modern, platform-powered Penetration Testing as a Service. Among other things, you will learn how the Bugcrowd Security Knowledge Platform helps customers quickly launch efficient, effective, and agile pen tests for web apps & APIs, cloud services, networking, mobile, and IoT. Topics will include:
 
-The unique benefits of the crowdsourcing model for penetration testing
-Why and how Bugcrowd’s platform-powered approach modernizes the penetration testing experience
-New Bugcrowd PTaaS capabilities, functionality, and high-level roadmap

Meet the Experts: Re-defining Penetration Testing at Bugcrowd

The most glamourized aspect of cybersecurity is detection and response as software and security professionals chase after attackers in their environments. However, one could argue that a strong cybersecurity posture thwarts all but the most nefarious actors. In that vein, important preventative measures include device and application vulnerability management, penetration testing (or pentests), and a bug bounty program that offers rewards to the ethical hacker community to find vulnerabilities.

Join us for this audio webcast, titled “The Business Value of Crowd-Sourced Security Solutions” brought to you by Bugcrowd and IDC.

The Business Value of Crowd-Sourced Security Solutions

Accenture recently found that a large majority of business leaders (81%) believe that the cost of staying ahead of cybersecurity attackers is “unsustainable”. This perception of a losing battle continued to fuel an interest in more innovative and proactive approaches to cybersecurity, like that of Bugcrowd, in 2021.

Our new Priority One Report focuses on vulnerability trends as reflected by growing security researcher activity on our platform last year. Tune into this webinar featuring Bugcrowd Founder, Chairman, and CTO Casey Ellis to learn:

-What were the top vulnerability types in 2021?
-Which industries led the way to increase investment in crowdsourced cybersecurity?
-How did vulnerability severity levels change?
-What were the industry and policy trends that will influence adoption in 2022 and beyond?

The Top Software Vulnerabilities of 2021

We are excited to invite you to Bugcrowd’s Crowd Cafe webinar series featuring key experts discussing critical and timely cybersecurity topics. 

Join us for the episode on January 13th with Bugcrowd's Chairman, Founder and CTO Casey Ellis. He will be discussing his perspective and predictions on cybersecurity for this year. Will cybercriminals or nation-states be the bigger threat? What parts of an organization’s attack surface will see more activity? We’ll also be discussing how the cybersecurity industry, organizations and consumers will be reacting to the changing cybersecurity landscape.

Join Bugcrowd for our 2022 Cybersecurity Predictions

Your organization’s assets are continuously changing. Consequently, your traditional security assessments must evolve from point-in-time, yearly assessments to continuous ones. And because security is more than just technology, you need to rely on people and processes, as well.

Join SANS Certified Instructor and Author Jorge Orchilles and Bugcrowd Product Marketing Director Toby Bussa as they explore Bugcrowd’s next-generation penetration testing offering. The webcast will cover:

-Overview and evolution of security assessments
-Current state of InfoSec
-Problems with current security assessments, compliance, and regulatory requirements
-Evolving landscape
-Benefits of next-generation penetration testing

Penetration Testing-as-a-Service

Everyone agrees that the historic Log4J vulnerability, and the associated Log4Shell exploit, is the worst Java risk we’ve seen in years–maybe ever. But why? And what will remediation look like for the countless platforms and products that touch it in some way? Furthermore, how should the ecosystem prepare for the next one before it happens? 


Join us for an impromptu AMA session with Bugcrowd Founder and CTO Casey Ellis to hear answers to those questions, insights about how hunters on the Bugcrowd Security Knowledge Platform are working 24/7 to find and understand this vuln for customers, and to ask Casey your own questions, as well.

Log4Shell: Your Questions Answered

Hackers are often unfairly portrayed as shady silhouettes in hoodies. In fact, most ethical hackers are curious, committed security researchers from a broad range of backgrounds, willing and able to join the global fight against attackers.

Join us to hear Bugcrowd CTO Casey Ellis and security researchers Chris Inzinga and Majd Atiyat discuss what motivates this global and diverse community in 2021. You’ll learn:

-Who becomes an ethical hacker, and why
-What motivates/what’s on the minds of ethical hackers today
-The critical role of ethical hackers in the cybersecurity ecosystem

Inside the Mind of a Hacker

We are excited to launch the Meet the Experts series for Bugcrowd customers.  During this fireside chat we will discuss top updates to the platform.  In this first session on December 07 at 10 am PST, learn about Bugcrowd's crowdsourced security platform's vulnerability disclosure program to learn how we:

1. Find the vulnerabilities that matter
2. Keep the noise out with the superior triage and validation capabilities
3. Make it easy to get started with the self-service approach

Meet the Experts Series

Crowdsourced participation has a multitude of benefits for pen testers whether you're starting out in the field or you have years of experience. Learn how and why to get started in crowdsourced initiatives, whether it's hacking for fun and profit, or just to level-up your skills and experience.

Crowdsourced Pen Testing for the Win

Bug bounty programs are moving from the realm of novelty towards becoming best practice. While bug bounty programs have been used for over 20 years, widespread adoption by enterprise organizations has just begun to take off within the last few. Bug bounty programs have increased 210% percent since 2013.

Bug bounties provide an opportunity to level the cybersecurity playing field, strengthen the security of products, and cultivate a mutually rewarding relationship with the security researcher community.

Join Bugcrowd, SANS, and a customer panel as we discuss the momentum behind crowdsourced security.

Topics covered:
1. How bug bounties fit with a robust security strategy
2. Why bug bounties are being adopted by all types of organizations
3. How Okta saved the equivalent cost of two full-time employees with Bugcrowd

The State of Vulnerability Discovery — How Bug Bounties Are Making a Difference

information

security

infosec

cybersecurity

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

The State of Vulnerability Discovery — How Bug Bounties Are Making a Difference

Presented by

About this talk

More from this channel