4 Reasons to Crowdsource Your Pen Test

•

0 likes•1,169 views

Crowdsourcing a penetration test through Bugcrowd's Flex model offers four main benefits: 1) You pay only for valid vulnerabilities found rather than researcher time spent; 2) Engaging many skilled researchers across different specialties increases the likelihood of finding issues; 3) The reward structure encourages in-depth testing by incentivizing top submissions; 4) This results in significantly more testing effort within similar timeframes as a traditional penetration test.

Internet

4 REASONS TO CROWDSOURCE YOUR PENETRATION TEST
The premier platform for crowdsourced cybersecurity.
casey@bugcrowd.com
jcran@bugcrowd.com

All content (c) Bugcrowd Inc, 2014 - All rights reserved.
The Problem
Security is not a
fair ﬁght.
How do you level
your playing ﬁeld?
HACKED
HACKED
HACKED HACKED
HACKED
HACKED

All content (c) Bugcrowd Inc, 2014 - All rights reserved.
About your presenters
@caseyjohnellis
Founder and CEO, Bugcrowd
Recovering pentester turned
solution architect turned sales guy
turned entrepreneur
Founder and CEO of Bugcrowd
@jcran
VP Delivery, Bugcrowd
Bugcrowd researcher turned
operations lead
Formerly @Rapid7, @Metasploit,
@PwnieExpress

CONFIDENTIAL. DO NOT DISTRIBUTE.
All content (c) Bugcrowd Inc, 2014 - All rights reserved.
Bugcrowd Products
Crowdsourced security to ﬁt your needs
Free
Responsible Disclosure
Capped cost
Ad-hoc or continuous
Elite tier researchers
Flex Bounty
Continuous testing
Monthly fee + transaction fee
Bug Bounty

CONFIDENTIAL. DO NOT DISTRIBUTE.
All content (c) Bugcrowd Inc, 2014 - All rights reserved.
What is Flex?
• A bug bounty in the format of a penetration test
• Typically a 2 week, ﬁxed cost, ﬁxed timeline project
• Private (vetted researchers) or open
• Bugcrowd does vulnerability analysis
• Deliverable:
• Report with overview and veriﬁed vulnerabilities
• Access to platform and researchers

CONFIDENTIAL. DO NOT DISTRIBUTE.
All content (c) Bugcrowd Inc, 2014 - All rights reserved.
Use cases
• A more effective web, mobile and/or IOT penetration test
• Lots of effort in a short timeframe
• Ideal for short testing windows
• Rapid deployment testing
• New products or features, supplier due diligence,
acquisitions, etc
• Precursor to a public bug bounty program (i.e. what is my
*real* security posture)

CONFIDENTIAL. DO NOT DISTRIBUTE.
All content (c) Bugcrowd Inc, 2014 - All rights reserved.
How does it work?
• Program Setup
• Program Kickoff and Invitations
• Program Runs [2 weeks on average]
• Analysis [96 hours on average]
• Report Delivery and Access

CONFIDENTIAL. DO NOT DISTRIBUTE.
All content (c) Bugcrowd Inc, 2014 - All rights reserved.

CONFIDENTIAL. DO NOT DISTRIBUTE.
All content (c) Bugcrowd Inc, 2014 - All rights reserved.
4 Reasons to Crowdsource Your
Penetration Test
• Pay for results not effort
• Engage diverse skill-sets
• A Reward model that encourages depth and breadth
• Higher total effort

CONFIDENTIAL. DO NOT DISTRIBUTE.
All content (c) Bugcrowd Inc, 2014 - All rights reserved.
Pay for results not effort
• 193 Average number of submissions per program
• 45 Average number of valid submissions
• $256 Average cost per bug (How much does it cost now?)
• Average Priority from 1 (showstopper) to 5 (won’t ﬁx):
3.88

CONFIDENTIAL. DO NOT DISTRIBUTE.
All content (c) Bugcrowd Inc, 2014 - All rights reserved.
Engage diverse skill-sets
• Vast array of specialties
• Web Application, Network, Mobile, Hardware
• Testing styles and patterns vary wildly
• Have questions? Engage the researchers at the end of
the program

CONFIDENTIAL. DO NOT DISTRIBUTE.
All content (c) Bugcrowd Inc, 2014 - All rights reserved.
A reward model that encourages
depth and breadth
• Top 3 issues get a signiﬁcant percentage of the
reward pool
• All “unplaced” submissions get the remainder
• Sliding scale varies on the difﬁculty of the
application and prior testing results

CONFIDENTIAL. DO NOT DISTRIBUTE.
All content (c) Bugcrowd Inc, 2014 - All rights reserved.
Higher total effort
• Up to 80 hours of effort in the ﬁrst 8 hours
• At least 160 man-hours per bounty
• Activity depends on incentives

CONFIDENTIAL. DO NOT DISTRIBUTE.
All content (c) Bugcrowd Inc, 2014 - All rights reserved.
Summary
• Cost effective, quick, high quality results
• Capped cost and capped timeline
• Great way to prepare for an ongoing bounty program
• Flex model incentivizes both breadth and depth

https://bugcrowd.com
sales@bugcrowd.com
@caseyjohnellis
@jcran

What's hot

5 Tips to Successfully Running a Bug Bounty Program

bugcrowd

Amy DeMartine - 7 Habits of Rugged DevOps

SeniorStoryteller

Silver Lining for Miles: DevOps for Building Security Solutions

SeniorStoryteller

The R.O.A.D to DevOps

SeniorStoryteller

The number of open source vulnerabilities hit an all-time record in 2017 with 3,500 reported vulnerabilities - that's 60% higher than the previous year, and the trend continues in 2018. Since it’s impossible to keep up with today’s pace of software production without open source, development and security teams are challenged to meet security objectives, without compromising on speed and quality. It's time for organizations to step up their open source security game. Join WhiteSource's Senior Director of Product Management, Rami Elron, as he discusses: - the current state of open source vulnerabilities management; - organizations' struggle to handle open source vulnerabilities; and - the key strategy for effective vulnerability management.

The State of Open Source Vulnerabilities Management

WhiteSource

Join us for a webinar featuring Forrester VP and Research Director Amy DeMartine to learn more about why open source security has become critical for securing modern applications, the main considerations when evaluating an open source security and license compliance solution and what she sees in store for the future. Additionally, WhiteSource Senior Director of Product Marketing, Jeff Crum, will discuss recent analysis of the Software Composition Analysis (SCA) market, including takeaways from The Forrester Wave™: Software Composition Analysis, Q2 2019.

Taking Open Source Security to the Next Level

WhiteSource

Getting to Know Security and Devs: Keys to Successful DevSecOps

Franklin Mosley

DevSecCon Singapore 2018 - Measuring and maximizing vuln discovery efforts by...

DevSecCon

Have you considered what truly separates accidental vulnerabilities in open source from intentionally malicious releases? Although often grouped together as "vulnerabilities", malicious open source components are very different, right from their very creation through to the way you mitigate and remediate them as an end user. The past 12 months saw a record-breaking time for detection of malicious components in the world's most popular package registries. Join Rhys Arkins, Director of Product at WhiteSource, as he will discuss: The key differences between accidental vulnerabilities and malicious releases, How to manage the risk for each type of vulnerability, Lessons learned from the most interesting malicious packages spotted during 2019.

Innocent Vulnerabilities vs. Malicious Backdoors: How to Manage Your Risk

WhiteSource

Ops Happen: Improve Security Without Getting in the Way

SeniorStoryteller

Open-source components are prevalent in approximately 97% of modern applications and dominate anywhere between 60-80% of their codebases. This is hardly surprising given how integrating open source accelerates software development and enables organizations to keep up with today's frantic release pace and standards of constantly supplying new features and improvements. However, taking into consideration the fact that recent years have seen an upsurge in reported open-source vulnerabilities, whose details and exploits are publicly available, it's no wonder that organizations are increasingly directing focus towards ensuring that their open-source components are securely integrated into their software. Join Guy Bar-Gil, Product Manager at WhiteSource, as he discusses: 1. The four layers of open-source security 2. How to integrate continuous security into your SDLC 3. Best practices for organizations to own and execute the security process

Open Source Security: How to Lay the Groundwork for a Secure Culture

WhiteSource

Penetration Testing

jananya213

Bug Bounty Tipping Point: Strength in Numbers

bugcrowd

The Journey to DevSecOps

SeniorStoryteller

You don’t need a license for bug hunting season anymore. Bug bounty programs are becoming well established as a valuable tool in identifying vulnerabilities early. The Department of Defense has authorized its first bug bounty program, and many vendors are taking a fresh look. While the programs are highly effective, many questions remain about how to structure bug bounty programs to address the concerns that vendors and researchers have about controlling bug hunters, security and privacy, contractual issues with bug hunters, what happens if there is a rogue hacker in the crowd, and liability and compliance concerns. This presentation will cover the best practices for structuring effective bug bounty programs. Talk originally given at AppSecUSA 2016 | October 13, 2016

AppSecUSA 2016: 'Your License for Bug Hunting Season'

bugcrowd

Organizations enjoy the speed that DevOps brings to development and delivery. However, most security and compliance monitoring tools have not been able to keep up, becoming the most significant barrier to continuous delivery. Now some good news: you can easily integrate security into your existing processes to solve this challenge. In this session, Shiri Ivtsan, Senior Product Manager at WhiteSource, will discuss: - Leveraging the DevSecOps approach to help speed up security - Scaling security into your agile processes - 5 easy ways to start driving DevSecOps in your organization

The Challenges of Scaling DevSecOps

WhiteSource

Open source components have become a key building block for application development in today’s market where companies are under constant pressure to deploy products as fast as possible. The recent increase in open source usage, however, has introduced many new security challenges. In this webinar Learn how open source security vulnerabilities are found, how to address any open source security concerns within your organization and understand the difference between securing your open source components and your proprietary code.

The State of Open Source Vulnerabilities - A WhiteSource Webinar

WhiteSource

Container images are based on many direct and indirect open source dependencies, which most developers are not aware of. What are the security implications of only seeing the tip of the iceberg? What are the challenges one faces when relying so heavily on open source? And how can teams overcome these? Join Codefresh and WhiteSource, as they embark on a journey to tackle: The container iceberg - learn what are your blind spots The main security challenges when using open source in containerized applications The role of automation in open source security in containers A live demo showing how WhiteSource & Codefresh can allow you to automate open source security in containers throughout the DevOps pipeline

Tackling the Container Iceberg:How to approach security when most of your sof...

WhiteSource

The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...

WhiteSource

6 Most Common Threat Modeling Misconceptions

Cigital

What's hot (20)

5 Tips to Successfully Running a Bug Bounty Program

Amy DeMartine - 7 Habits of Rugged DevOps

Silver Lining for Miles: DevOps for Building Security Solutions

The R.O.A.D to DevOps

The State of Open Source Vulnerabilities Management

Taking Open Source Security to the Next Level

Getting to Know Security and Devs: Keys to Successful DevSecOps

DevSecCon Singapore 2018 - Measuring and maximizing vuln discovery efforts by...

Innocent Vulnerabilities vs. Malicious Backdoors: How to Manage Your Risk

Ops Happen: Improve Security Without Getting in the Way

Open Source Security: How to Lay the Groundwork for a Secure Culture

Penetration Testing

Bug Bounty Tipping Point: Strength in Numbers

The Journey to DevSecOps

AppSecUSA 2016: 'Your License for Bug Hunting Season'

The Challenges of Scaling DevSecOps

The State of Open Source Vulnerabilities - A WhiteSource Webinar

Tackling the Container Iceberg:How to approach security when most of your sof...

The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...

6 Most Common Threat Modeling Misconceptions

Similar to 4 Reasons to Crowdsource Your Pen Test

Owasp LA

leifdreizler

Technology has come a long way and with it, the daunting task of delivering even quicker software releases. How can you keep up with the demand of ever increasing development cycles, agile methodologies and a desire to move as fast as possible while maintaining quality? Crowdsourced testing delivers a unique, scalable and affordable option to deliver exactly the kind of quality your mobile apps and websites deserve. Find out the fundamentals of crowdsourced testing and determine exactly how to implement it within your own organisation. Want to know more? Visit https://www.globalapptesting.com to learn more.

Fundamentals of crowdsourced testing

Nicholas Roberts

Shifting left: Continuous testing for better app quality and security

NowSecure

In many organizations, agile development processes are driving the pursuit of faster software releases, which has spawned a set of new practices called DevOps. DevOps stresses communications and integration between development and operations, including continuous integration, continuous delivery, and rapid deployments. Because DevOps practices require confidence that changes made to the code base will function as expected. automated testing is an essential ingredient Join Jeff Payne as he discusses the unique challenges associated with integrating automated testing into continuous integration/continuous delivery (CI/CD) environments. Learn the internals of how CI/CD works, appropriate tooling, and test integration points. Find out howpto integrate your existing test automation frameworks into a DevOps environment and leave with roadmap for integrating test automation with continuous integration and delivery.

Integrating Automated Testing into DevOps

TechWell

It’s been more than a decade since the term “DevOps” was coined. Since then, DevOps has evolved, with more tools, technologies and processes to enable unparalleled digital transformation. The next decade and beyond promise even more innovation as DevOps becomes even more ingrained in the software delivery life cycle. But what’s next? And how can organizations prepare? Join this webinar as we explore: How development and operations have changed in the last decade. Trends impacting the IT landscape and business processes. What these trends mean for the evolution of DevOps and for your implementation strategy. Discover the key tenets and best practices to ensure your DevOps strategy remains relevant even in the face of massive business and technological upheaval. Join Jay Lyman, Principal Analyst, Cloud Native and DevOps at 451 Research, and Loreli Cadapan, Sr. Director Product Management at JFrog, as they share design patterns and tips for future-proofing your DevOps strategy.

A Decade of DevOps: Design Patterns for Future-Proofing Your DevOps Strategy

DevOps.com

Web Application Security And Getting Into Bug Bounties

kunwaratul hax0r

CrikeyCon 2017 - Rumours of our Demise Have Been Greatly Exaggerated

eightbit

Many organizations are introducing test automation only to discover it is more difficult than they anticipated. The fact is that good test automation requires good coding practices. Good test automation requires good design. To do anything else will lead to spaghetti code that is hard to maintain or update. If you’re new to coding or new to automation, it is difficult to know where to begin. Join Cheezy as he describes and demonstrates lessons he has learned while helping numerous organizations adopt test automation. Cheezy shows the patterns he uses to keep automation code simple and clean, and demonstrates techniques you can use to make your automation code more maintainable. Finally, Cheezy writes code (without a net) to implement these patterns, taking them from theory to implementation.

Patterns of Automation: Simplify Your Test Code

TechWell

Bug Bounty #Defconlucknow2016

Shubham Gupta

Continuous delivery is more than dev ops

Agile Montréal

Quality Assurance and its Importance in Software Industry by Aman Shukla

AbhishekKumar773294

Web and mobile test cycles typically leverage automation frameworks like Selenium and Appium that are mostly focused on functional testing with end-to-end scenarios. But what about nonfunctional testing — including performance, accessibility, security, and UX? Unfortunately, nonfunctional testing is either left to the end of the cycle or done only partially. Or, it’s outsourced externally, where it is performed manually due to a lack of time and automation abilities. When nonfunctional testing is overlooked or left until the end of cycle, performance, accessibility, and UX defects can cause brand damage and are more expensive to fix after the fact. Specifically, accessibility defects can also result in expensive complaints or lawsuits. Learn how you can avoid damaging defects. Join our panel webinar led by Perfecto’s VP of Products Tzvika Shahaf and Chief Evangelist and author Eran Kinsbruner, together with Dylan Barrel, CTO at Deque, and Henrik Rexed, Performance Testing Advocate from Neotys, to learn how you can expand your coverage within the build cycle by shifting automated nonfunctional testing left. During the webinar, you will learn: - The key benefits of shifting performance and accessibility testing left. - Best practices and recommendations on how to succeed in shifting such tests into the build process. - How to get started with mobile and web performance and accessibility testing.

Best Practices for Shifting Left Performance and Accessibility Testing

Perfecto by Perforce

Samal biswa manual tester-functional-accessibility

samal biswa

Optimizely Product Vision: The Future of Experimentation

Optimizely

Top 10 Benefits of Crowd Testing

KiwiQA

With organizations under intense pressure to get products out to market quickly, they can’t afford to operate within operational silos. Yet communicating and collaborating across the organizational boundaries of QA and development can be difficult. Development is typically a black box to QA teams. QA has no visibility into the quality and security of the code until late in the lifecycle. Watch this recorded webcast to learn how to break down the barriers and improve visibility and transparency by integrating development testing results into the IBM Rational Team Concert and providing QA and development with a unified workflow for ensuring code quality. Explore different development testing techniques and the types of defects and security vulnerabilities they can find. About the Presenter: James Croall, Director of Product Management, Coverity Over the last 8 years, James Croall has helped a wide range of customers incorporate static analysis into their software development lifecycle. Prior to Coverity, Mr. Croall spent 10 years in the computer and network security industry as a C/C++ and Java software engineer.

Webcast Presentation: Accelerate Continuous Delivery with Development Testing...

GRUC

Should I Partner with an Outsourced QA Provider for Security Testing?

QASource

AdTech at Scale: from the classroom to the industry

Bernardo de Seabra

Product Vs Craft

MagenTys

So you’ve “gone agile” and have been relatively successful for a year or so. But how do you know how well you’re really doing? And how do you continuously improve your practices? When things get rocky, how do you handle the challenges without reverting to old habits? You realize that the path to high-performance agile testing isn’t easy or quick. It also helps to have a guide. So consider this workshop your guide to ongoing, improved, and sustained high-performance. Join seasoned agile testing coach Bob Galen as he share lessons from his most successful agile testing transitions. Explore actual team case studies for building team skills, embracing agile requirements, fostering customer interaction, building agile automation, driving business value, and testing at-scale—all building agile testing excellence. Examine the mistakes, adjustments, and the successes, and learn how to react to real-world contexts. Leave with a better view of your team’s strengths, weaknesses, and where you need to focus to improve.

Seven Keys to Navigating Your Agile Testing Transition

TechWell

Similar to 4 Reasons to Crowdsource Your Pen Test (20)

Owasp LA

Fundamentals of crowdsourced testing

Shifting left: Continuous testing for better app quality and security

Integrating Automated Testing into DevOps

A Decade of DevOps: Design Patterns for Future-Proofing Your DevOps Strategy

Web Application Security And Getting Into Bug Bounties

CrikeyCon 2017 - Rumours of our Demise Have Been Greatly Exaggerated

Patterns of Automation: Simplify Your Test Code

Bug Bounty #Defconlucknow2016

Continuous delivery is more than dev ops

Quality Assurance and its Importance in Software Industry by Aman Shukla

Best Practices for Shifting Left Performance and Accessibility Testing

Samal biswa manual tester-functional-accessibility

Optimizely Product Vision: The Future of Experimentation

Top 10 Benefits of Crowd Testing

Webcast Presentation: Accelerate Continuous Delivery with Development Testing...

Should I Partner with an Outsourced QA Provider for Security Testing?

AdTech at Scale: from the classroom to the industry

Product Vs Craft

Seven Keys to Navigating Your Agile Testing Transition

More from bugcrowd

Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel

bugcrowd

Ekoparty 2017 - The Bug Hunter's Methodology

bugcrowd

Grant McCracken and Daniel Trauner's presentation on setting up and managing a successful bug bounty program. Having a bug bounty program is one of the most efficient methods of finding security vulnerabilities today. But, as anyone who has tried to run a bug bounty program knows, it's not a trivial undertaking... As professionals who have helped to manage hundreds of bug bounty programs, we're uniquely positioned to provide advice on how to succeed. Whether you're already running a bug bounty program, are looking to run a bug bounty program, or are a researcher, this talk aims to deepen your knowledge of the subject.

If You Can't Beat 'Em, Join 'Em (AppSecUSA)

bugcrowd

If You Can't Beat 'Em, Join 'Em

bugcrowd

Writing vuln reports that maximize payouts - Nullcon 2016

bugcrowd

Bug Bounty Hunter Methodology - Nullcon 2016

bugcrowd

Zephyr Health, a quickly growing company harnessing the power of global healthcare data, has spent the last year augmenting its’ product security efforts. With Bugcrowd’s help, they have transformed their development and overarching culture to prioritize security. Bugcrowd joins Zephyr Health’s CISO, Kim Green, to hear about how she came to understand and implement crowdsourced security testing within the organization.

Revitalizing Product Securtiy at Zephyr Health

bugcrowd

How Portal Can Change Your Security Forever - Kati Rodzon at BSidesLV

bugcrowd

WATCH JASON'S TALK LIVE, 8/14 @ 11AM PDT - Register Here: http://bgcd.co/DEFCON23-haddix Jason Haddix explores successful tactics and tools used by himself and the best bug hunters. Practical methodologies, tools and tips that make you better at hacking websites and mobile apps to claim those bounties. Follow Jason on Twitter: http://twitter.com/jhaddix Follow Bugcrowd on Twitter: http://twitter.com/bugcrowd Check out the latest bug bounties on Bugcrowd: https://bugcrowd.com/programs

How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...

bugcrowd

How to run a kick ass bug bounty program - Node Summit 2013

bugcrowd

More from bugcrowd (10)

Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel

Ekoparty 2017 - The Bug Hunter's Methodology

If You Can't Beat 'Em, Join 'Em (AppSecUSA)

If You Can't Beat 'Em, Join 'Em

Writing vuln reports that maximize payouts - Nullcon 2016

Bug Bounty Hunter Methodology - Nullcon 2016

Revitalizing Product Securtiy at Zephyr Health

How Portal Can Change Your Security Forever - Kati Rodzon at BSidesLV

How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...

How to run a kick ass bug bounty program - Node Summit 2013

Recently uploaded

Call Girls In Defence Colony Delhi +91-8264348440 !! Best Woman Seeking Man Call Girls Service, Escorts Service in Home Hotel in Delhi NCR 24 Hours Available Service Call Girls, Contact Us +91-8264348440 (Any Time. Any Where) Call Girls in Delhi, Noida, Gurgaon, Ghaziabad,Sexy Indian Female Escorts Service Delhi NCRWelcome To Delhi Escorts Service – An All Over New Delhi Very Sexy Hot Call Girls Agency Service Escorts In South DelhiNCRDelhi’s No. 1 High Profile Independent Female Escorts Service. We Provide Good Quality Educated Profile At Very Regnebal Price 100% Safe And Original.We Are Provide Escorts Service All OYO Hotels ,3*,4*,5* Star Hotel And Home Flat, Apartment. Guest-House. Services In -Call And Out – Call Both Are Services Available. 24Hrs. Any Time Any Where. In All Over Delhi Noida Gurgaon Ghaziabad Faridabad.More Information And Contact Profile Real Pic Visit Our Website City Wise Escorts Service Agency.Good Looking Cheap And Best Models Girls U Can Get Best Click On Link……Night Call Girls Now In Hotel Le Meridien Gurgaon Near Female Escort Service – 24×7 .Call Whatsapp, +91-8264348440 Our Services and Rates: –– In call Shot 1500 Out Call Short 2000: – In call Night 6000 Out Call Night 7000Minimum To Maximum Range AvailableOnly Serious And Genuine Persons Can Contact Us : +91-8264348440 Call Girls in Delhi At All Location :– Malviya Nagar, Saket, Hauz Khas, Dwarka, Mahipalpur, Aerocity, Lajpat Nagar, Nehru Place karol Bagh, Near Metro Station :Call Us Whatapp Call Now +91-8264348440

Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝

soniya singh

Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For Sex At Your Doorstep Booking Contact Details WhatsApp Chat: +91-6297143586 pune Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts pune understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide - 02-may-2024(v.n)

Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...

tanu pandey

Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call Booking Contact Details :- WhatsApp Chat :- +91-9711199171 27-April-2024(SMW) Best Escorts Service in Delhi Call Us — 9711199171 —Are you Looking for Call Girls in Delhi then This's a perfect place for you. We brings Many Models and Independent Call girls who Can fulfill all your Sexual Desires by Their Complete package of sex Service and It's Absolutely safe and secure. Book Your One night Stand Call Girls : 9711199171 -SERVICES- Our Delhi Call Girls are fully cooperative and understand your needs and they Give you their complete package of Sex service like- Real girl friend experience, Lip Kiss, Lip Lock, Smooch, Sucking without Condom, Oral, Erotic Massage, Lap Dance, Threesome, 69 Licking, Sex in all Position, Anal Sex etc, -AVAILABLE GIRLS- We Bring Many Good looking Slim, Busty, Hot and Sexy Call Girls as per our client's Choice like Housewives, College girls, Russian girls, Muslim girls, Afghani girls, Bengali girls, Working girls, south Indian girls, Punjabi girls, Big Boobs Call Girls etc, -PAYMENT METHOD- C O D. If you Want to Book our Call girls Service in Delhi . We don,t ask anything in Advance, you Can simply pay to her Cash on Delivery or via any upi. In-Call: — You can reach at our Place in Delhi Our place Hotel and Flat Which Is Very Clean Hygiene And 100% safe Accommodation. Out-Call: — You Can pick up the Girl from my Place if not we Provide Door-Step Call Girls Delivery in Delhi. NOTE: — Pic Collectors Time Passers and Bargainers please Stay Away As We Respect The Value For Your Money Time And Expect The Same From You. OUR SERVICES RATE: – let you know the our Call girls price in Delhi are very affordable and Best rate in genuine market of Call girls. But as all you knows that Quality has comes with its own Price tag. One Shot — 5000/in call (time 1 hour), 6000/out call Two shot with one girl — 8000/in call (time 2 hour), 10000/out call Body to body massage with sex- 8000/in call (time 1 hour) Full night Service for one person– 12000/in call, 13000/out call (shot limit 3-4 shots) Full night Service for more than 1 person — please contact Us —9711199171 We are available 24*7 all days of the year. Call us — 9711199171 Thank you for Visiting.

Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call

shivangimorya083

Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available

Seo

Call Girls In Saket Delhi +91-9667422720 !! Best Woman Seeking Man Call Girls Service, Escorts Service in Home Hotel in Delhi NCR 24 Hours Available Service Call Girls, Contact Us +91-9667422720 (Any Time. Any Where) Call Girls in Delhi, Noida, Gurgaon, Ghaziabad,Sexy Indian Female Escorts Service Delhi NCRWelcome To Delhi Escorts Service – An All Over New Delhi Very Sexy Hot Call Girls Agency Service Escorts In South DelhiNCRDelhi’s No. 1 High Profile Independent Female Escorts Service. We Provide Good Quality Educated Profile At Very Regnebal Price 100% Safe And Original.We Are Provide Escorts Service All OYO Hotels ,3*,4*,5* Star Hotel And Home Flat, Apartment. Guest-House. Services In -Call And Out – Call Both Are Services Available. 24Hrs. Any Time Any Where. In All Over Delhi Noida Gurgaon Ghaziabad Faridabad.More Information And Contact Profile Real Pic Visit Our Website City Wise Escorts Service Agency.Good Looking Cheap And Best Models Girls U Can Get Best Click On Link……Night Call Girls Now In Hotel Le Meridien Gurgaon Near Female Escort Service – 24×7 .Call Whatsapp, +91-9667422720Our Services and Rates: –– In call Shot 1500 Out Call Short 2000: – In call Night 6000 Out Call Night 7000Minimum To Maximum Range AvailableOnly Serious And Genuine Persons Can Contact Us : +91-9667422720Call Girls in Delhi At All Location :– Malviya Nagar, Saket, Hauz Khas, Dwarka, Mahipalpur, Aerocity, Lajpat Nagar, Nehru Place karol Bagh, Near Metro Station :Call Us Whatapp Call Now +91-9667422720

Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝

soniya singh

Call Girls In Model Towh Delhi +91-8264348440 !! Best Woman Seeking Man Call Girls Service, Escorts Service in Home Hotel in Delhi NCR 24 Hours Available Service Call Girls, Contact Us +91-8264348440 (Any Time. Any Where) Call Girls in Delhi, Noida, Gurgaon, Ghaziabad,Sexy Indian Female Escorts Service Delhi NCRWelcome To Delhi Escorts Service – An All Over New Delhi Very Sexy Hot Call Girls Agency Service Escorts In South DelhiNCRDelhi’s No. 1 High Profile Independent Female Escorts Service. We Provide Good Quality Educated Profile At Very Regnebal Price 100% Safe And Original.We Are Provide Escorts Service All OYO Hotels ,3*,4*,5* Star Hotel And Home Flat, Apartment. Guest-House. Services In -Call And Out – Call Both Are Services Available. 24Hrs. Any Time Any Where. In All Over Delhi Noida Gurgaon Ghaziabad Faridabad.More Information And Contact Profile Real Pic Visit Our Website City Wise Escorts Service Agency.Good Looking Cheap And Best Models Girls U Can Get Best Click On Link……Night Call Girls Now In Hotel Le Meridien Gurgaon Near Female Escort Service – 24×7 .Call Whatsapp, +91-8264348440 Our Services and Rates: –– In call Shot 1500 Out Call Short 2000: – In call Night 6000 Out Call Night 7000Minimum To Maximum Range AvailableOnly Serious And Genuine Persons Can Contact Us : +91-8264348440 Call Girls in Delhi At All Location :– Malviya Nagar, Saket, Hauz Khas, Dwarka, Mahipalpur, Aerocity, Lajpat Nagar, Nehru Place karol Bagh, Near Metro Station :Call Us Whatapp Call Now +91-8264348440

Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝

soniya singh

₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111༒99012🔝 <J.R.P > 30/30/2024 Call Us(Call Girls in Delhi Escort Service(🔝))/WhatsApp 97111⇛99012 Call Girls in ,(Delhi) We are Provide best Genuine Normal, High class call girls. escort service at affordable price. We Are One Of The Oldest Escorts and Call girls Agencies in Delhi You Will Find That Our Female Escorts Are Full Of Fun, Sexy And They Would Love Enjoy Your Company. We Have A Fantastic Selection Of Callo Girls Ladies Available For In-Calls As Well As Out-Calls. Our Escorts Are Not Only Beautiful But All Have Great Personalities Making Them The Perfect Companion For Any Occasion. In-Call: — You Can Come at Our Location in Delhi Which Is Very Clean Hygienic 100% safe Accommodation. Out-Call: — You have To come and Pick Girl From My Place We are Also Provide Door Step Services in Delhi , Gurgaon, Noida. Hygienic: — Full Ac Neat And Clean Rooms Available In Hotel 24 * 7 Hour In Delhi NCR, We Are Providing : — all Types of girls Indian, North East , Foreigner , Airhostess, many More. Service type — In-call Shot 1500, 2,000– In — Call Night /Out-call Night 6,000, to 8,000 — Hi-Fi Rates Shot — 5,000 to 10,000 Full Night 10,000 to 12,000 More Details, Call//WhatsApp, 97111 🔝 ⇛99012

₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...

Diya Sharma

Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R. Why you Choose Us- +91-8264348440 I Have Extremely Beautiful Broad Minded Cute Sexy & Hot Call Girls Delhi and Escorts, We Are Located in 3* 4* 5* Hotels. Safe & Secure High Class Services Affordable Rate 100% Satisfaction, Unlimited Enjoyment. Any Time for Model/Teens Escort in Delhi High class luxury and premium escorts agency. ★ CALL US High Class Luxury and Premium Escort Service We Provide Well Educated,Royal Class Female,High-Class Escort Service Offering a Top High Class Escort Service In The & Several Nearby All Places of . ★ To Enjoy With Hot and Sexy Girls . ★ We Are Providing :- • 3* 5* 7*Hotels Service • Hygienic Full AC Neat and Clean Rooms Avail. • Daily New Escorts Staff Available • Minimum to Maximum Range Available. Our escort service •BJ (Blowjob) •FK (French kissing) •Kissing with tongue •O-Level (Oral sex) •Long Silky Brown Hair •69 (69 sex) •A-Level (5 start Escort) •Dating {{{N.M}}} 30-04-2024

Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.

soniya singh

Russian Call Girls in %(+971524965298 )# Call Girls in Dubai

Dubai call girls 971524965298 Call girls in Bur Dubai

DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024

APNIC

Call Girls In Ashram Chowk Delhi +91-8264348440 !! Best Woman Seeking Man Call Girls Service, Escorts Service in Home Hotel in Delhi NCR 24 Hours Available Service Call Girls, Contact Us +91-8264348440 (Any Time. Any Where) Call Girls in Delhi, Noida, Gurgaon, Ghaziabad,Sexy Indian Female Escorts Service Delhi NCRWelcome To Delhi Escorts Service – An All Over New Delhi Very Sexy Hot Call Girls Agency Service Escorts In South DelhiNCRDelhi’s No. 1 High Profile Independent Female Escorts Service. We Provide Good Quality Educated Profile At Very Regnebal Price 100% Safe And Original.We Are Provide Escorts Service All OYO Hotels ,3*,4*,5* Star Hotel And Home Flat, Apartment. Guest-House. Services In -Call And Out – Call Both Are Services Available. 24Hrs. Any Time Any Where. In All Over Delhi Noida Gurgaon Ghaziabad Faridabad.More Information And Contact Profile Real Pic Visit Our Website City Wise Escorts Service Agency.Good Looking Cheap And Best Models Girls U Can Get Best Click On Link……Night Call Girls Now In Hotel Le Meridien Gurgaon Near Female Escort Service – 24×7 .Call Whatsapp, +91-8264348440 Our Services and Rates: –– In call Shot 1500 Out Call Short 2000: – In call Night 6000 Out Call Night 7000Minimum To Maximum Range AvailableOnly Serious And Genuine Persons Can Contact Us : +91-8264348440 Call Girls in Delhi At All Location :– Malviya Nagar, Saket, Hauz Khas, Dwarka, Mahipalpur, Aerocity, Lajpat Nagar, Nehru Place karol Bagh, Near Metro Station :Call Us Whatapp Call Now +91-8264348440

Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝

soniya singh

Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance Booking Contact Details :- WhatsApp Chat :- [+91-9999965857 ] The Best Call Girls Delhi At Your Service Russian Call Girls Delhi Doing anything intimate with can be a wonderful way to unwind from life's stresses, while having some fun. These girls specialize in providing sexual pleasure that will satisfy your fetishes; from tease and seduce their clients to keeping it all confidential - these services are also available both install and outcall, making them great additions for parties or business events alike. Their expert sex skills include deep penetration, oral sex, cum eating and cum eating - always respecting your wishes as part of the experience (27-April-2024(PSS) Two shots with one girl: ₹4000/in-call, ₹7000/out-call Body to body massage with : ₹4500/in-call Full night for one person: ₹7000/in-call, ₹12000/out-call Delhi Russian Escorts provide clients with the opportunity to experience an array of activities - everything from dining at upscale restaurants to watching the latest movies. Hotel call girls are available year-round to offer unforgettable experiences and fulfill all of your erotica desires. Escort services go beyond the traditional notion of call girls by providing clients with customized experiences beyond dinner companionship to social events. (27-April-2024(PSS) Mahipalpur | Majnu Ka Tilla | Aerocity | Delhi,Noida | Gurgaon | Paharganj | GTB Nagar | Sarita Vihar | Chattarpur | Dwarka | Rajouri Garden | Connaught Place | Janakpuri ▂▃▄▅▆▇█▓▒░░▒▓█▇▆▅▄▃▂📢N-C-R⭐VIP⭐GENUINE🅰️█▬█⓿▀█▀💋 𝐆𝐈𝐑𝐋 💥ANAL SEX💥 BDSM💥69 POSE💥LIP KISS💥 DEEP SUCKING WITHOUT CONDOM💥 CUM ON FACE💥 NUDE DANCE💥 BOOBS RUBBING💥 LICKING💥HAND JOB 💏GIRLFRIEND EXPERIENCE💏 ❣️College girls, ❣️Russian girls, ❣️Working girls, ❣️North-east girls, ❣️ Punjabi girls, etc........................ EROTIC MASSAGE💥

Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance

Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure

@9999965857 🫦 Sexy Desi Call Girls Laxmi Nagar 💓 High Profile Escorts Delhi 🫶 Delhi Russian Escorts provide clients with the opportunity to experience an array of activities - everything from dining at upscale restaurants to watching the latest movies. Hotel call girls are available year-round to offer unforgettable experiences and fulfill all of your erotica desires. Escort services go beyond the traditional notion of call girls by providing clients with customized experiences beyond dinner companionship to social events. (27-April-2024(PSS) Mahipalpur | Majnu Ka Tilla | Aerocity | Delhi,Noida | Gurgaon | Paharganj | GTB Nagar | Sarita Vihar | Chattarpur | Dwarka | Rajouri Garden | Connaught Place | Janakpuri ▂▃▄▅▆▇█▓▒░░▒▓█▇▆▅▄▃▂📢N-C-R⭐VIP⭐GENUINE🅰️█▬█⓿▀█▀💋 𝐆𝐈𝐑𝐋 💥ANAL SEX💥 BDSM💥69 POSE💥LIP KISS💥 DEEP SUCKING WITHOUT CONDOM💥 CUM ON FACE💥 NUDE DANCE💥 BOOBS RUBBING💥 LICKING💥HAND JOB 💏GIRLFRIEND EXPERIENCE💏 ❣️College girls, ❣️Russian girls, ❣️Working girls, ❣️North-east girls, ❣️ Punjabi girls, etc........................ EROTIC MASSAGE💥

@9999965857 🫦 Sexy Desi Call Girls Laxmi Nagar 💓 High Profile Escorts Delhi 🫶

Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure

All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445 Why you Choose Us- +91-6378878445 Bangalore Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable I Have Extremely Beautiful Broad Minded Cute Sexy & Hot Call Girls and Escorts, We Are Located in 3* 4* 5* Hotels. Safe & Secure High Class Services Affordable Rate 100% Satisfaction, Unlimited Enjoyment. Any Time for Model/Teens Escort in Delhi High class luxury and premium escorts agency. CALL US High Class Luxury and Premium Escort Service We Provide Well Educated,Royal Class Female,High-Class Escort Service Offering a Top High Class Escort Service In The & Several Nearby All Places of . (L030524]k)

All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445

ruhi

Call Girl In Delhi ☎92055#41914 ¶¶ Indian,Russian Best Quality full Educated And Full Cooperative Independent Call Girls Escort Services In New Delhi- I Have Extremely Beautiful Broad Minded Cute Sexy & Hot Call Girls and Escorts, We Are Located in 3* 4* 5* Hotels in Delhi. Safe & Secure High Class Services Affordable Rate 100% Satisfaction, Unlimited Enjoyment. Any Time for Model/Teens Escort in Delhi High class luxury and premium escorts agency Indian Russian Call Girls In Delhi Booking Good High Profile Escorts (Call Girls) In Delhi 5 Star Hotel ,Incall Service,OutCall Service, We provide services by Call Girls,College Girls,Modals Get High Profile queens,Well Educated,Good Looking,Full Cooperative Model, Russian Models,Punjabi Girls Kashmeri Girls Services etc… We Provide Hottest Female With Safe And Consensual With Most Limits Respected Complete Satisfaction Guaranteed…Service. Call Me Spacial For Including Incall//outcall Service In New Delhi Indian Russian Escorts Service

Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...

Delhi Call girls

Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand Booking Contact Details :- WhatsApp Chat :- +91-9711199171 30-April-2024(SMW) Best Escorts Service in Delhi Call Us — 9711199171 —Are you Looking for Call Girls in Delhi then This's a perfect place for you. We brings Many Models and Independent Call girls who Can fulfill all your Sexual Desires by Their Complete package of sex Service and It's Absolutely safe and secure. Book Your One night Stand Call Girls : 9711199171 -SERVICES- Our Delhi Call Girls are fully cooperative and understand your needs and they Give you their complete package of Sex service like- Real girl friend experience, Lip Kiss, Lip Lock, Smooch, Sucking without Condom, Oral, Erotic Massage, Lap Dance, Threesome, 69 Licking, Sex in all Position, Anal Sex etc, -AVAILABLE GIRLS- We Bring Many Good looking Slim, Busty, Hot and Sexy Call Girls as per our client's Choice like Housewives, College girls, Russian girls, Muslim girls, Afghani girls, Bengali girls, Working girls, south Indian girls, Punjabi girls, Big Boobs Call Girls etc,

Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand

kumarajju5765

Call Girls In Pratap Nagar Delhi +91-8264348440 !! Best Woman Seeking Man Call Girls Service, Escorts Service in Home Hotel in Delhi NCR 24 Hours Available Service Call Girls, Contact Us +91-8264348440 (Any Time. Any Where) Call Girls in Delhi, Noida, Gurgaon, Ghaziabad,Sexy Indian Female Escorts Service Delhi NCRWelcome To Delhi Escorts Service – An All Over New Delhi Very Sexy Hot Call Girls Agency Service Escorts In South DelhiNCRDelhi’s No. 1 High Profile Independent Female Escorts Service. We Provide Good Quality Educated Profile At Very Regnebal Price 100% Safe And Original.We Are Provide Escorts Service All OYO Hotels ,3*,4*,5* Star Hotel And Home Flat, Apartment. Guest-House. Services In -Call And Out – Call Both Are Services Available. 24Hrs. Any Time Any Where. In All Over Delhi Noida Gurgaon Ghaziabad Faridabad.More Information And Contact Profile Real Pic Visit Our Website City Wise Escorts Service Agency.Good Looking Cheap And Best Models Girls U Can Get Best Click On Link……Night Call Girls Now In Hotel Le Meridien Gurgaon Near Female Escort Service – 24×7 .Call Whatsapp, +91-8264348440 Our Services and Rates: –– In call Shot 1500 Out Call Short 2000: – In call Night 6000 Out Call Night 7000Minimum To Maximum Range AvailableOnly Serious And Genuine Persons Can Contact Us : +91-8264348440 Call Girls in Delhi At All Location :– Malviya Nagar, Saket, Hauz Khas, Dwarka, Mahipalpur, Aerocity, Lajpat Nagar, Nehru Place karol Bagh, Near Metro Station :Call Us Whatapp Call Now +91-8264348440

Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝

soniya singh

INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.

CarlotaBedoya1

'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...

APNIC

Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R. Why you Choose Us- +91-8264348440 I Have Extremely Beautiful Broad Minded Cute Sexy & Hot Call Girls Delhi and Escorts, We Are Located in 3* 4* 5* Hotels. Safe & Secure High Class Services Affordable Rate 100% Satisfaction, Unlimited Enjoyment. Any Time for Model/Teens Escort in Delhi High class luxury and premium escorts agency. ★ CALL US High Class Luxury and Premium Escort Service We Provide Well Educated,Royal Class Female,High-Class Escort Service Offering a Top High Class Escort Service In The & Several Nearby All Places of . ★ To Enjoy With Hot and Sexy Girls . ★ We Are Providing :- • 3* 5* 7*Hotels Service • Hygienic Full AC Neat and Clean Rooms Avail. • Daily New Escorts Staff Available • Minimum to Maximum Range Available. Our escort service •BJ (Blowjob) •FK (French kissing) •Kissing with tongue •O-Level (Oral sex) •Long Silky Brown Hair •69 (69 sex) •A-Level (5 start Escort) •Dating {{{N.M}}} 30-04-2024

Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.

soniya singh

Recently uploaded (20)

Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝

Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...

Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call

Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available

Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝

Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝

₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...

Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.

Russian Call Girls in %(+971524965298 )# Call Girls in Dubai

DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024

Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝

Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance

@9999965857 🫦 Sexy Desi Call Girls Laxmi Nagar 💓 High Profile Escorts Delhi 🫶

All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445

Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...

Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand

Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝

INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.

'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...

Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.

4 Reasons to Crowdsource Your Pen Test

1. 4 REASONS TO CROWDSOURCE YOUR PENETRATION TEST The premier platform for crowdsourced cybersecurity. casey@bugcrowd.com jcran@bugcrowd.com

3. All content (c) Bugcrowd Inc, 2014 - All rights reserved. About your presenters @caseyjohnellis Founder and CEO, Bugcrowd Recovering pentester turned solution architect turned sales guy turned entrepreneur Founder and CEO of Bugcrowd @jcran VP Delivery, Bugcrowd Bugcrowd researcher turned operations lead Formerly @Rapid7, @Metasploit, @PwnieExpress

4. CONFIDENTIAL. DO NOT DISTRIBUTE. All content (c) Bugcrowd Inc, 2014 - All rights reserved. Bugcrowd Products Crowdsourced security to ﬁt your needs Free Responsible Disclosure Capped cost Ad-hoc or continuous Elite tier researchers Flex Bounty Continuous testing Monthly fee + transaction fee Bug Bounty

5. CONFIDENTIAL. DO NOT DISTRIBUTE. All content (c) Bugcrowd Inc, 2014 - All rights reserved. What is Flex? • A bug bounty in the format of a penetration test • Typically a 2 week, fixed cost, fixed timeline project • Private (vetted researchers) or open • Bugcrowd does vulnerability analysis • Deliverable: • Report with overview and verified vulnerabilities • Access to platform and researchers

6. CONFIDENTIAL. DO NOT DISTRIBUTE. All content (c) Bugcrowd Inc, 2014 - All rights reserved. Use cases • A more effective web, mobile and/or IOT penetration test • Lots of effort in a short timeframe • Ideal for short testing windows • Rapid deployment testing • New products or features, supplier due diligence, acquisitions, etc • Precursor to a public bug bounty program (i.e. what is my *real* security posture)

7. CONFIDENTIAL. DO NOT DISTRIBUTE. All content (c) Bugcrowd Inc, 2014 - All rights reserved. How does it work? • Program Setup • Program Kickoff and Invitations • Program Runs [2 weeks on average] • Analysis [96 hours on average] • Report Delivery and Access

10. CONFIDENTIAL. DO NOT DISTRIBUTE. All content (c) Bugcrowd Inc, 2014 - All rights reserved. 4 Reasons to Crowdsource Your Penetration Test • Pay for results not effort • Engage diverse skill-sets • A Reward model that encourages depth and breadth • Higher total effort

11. CONFIDENTIAL. DO NOT DISTRIBUTE. All content (c) Bugcrowd Inc, 2014 - All rights reserved. Pay for results not effort • 193 Average number of submissions per program • 45 Average number of valid submissions • $256 Average cost per bug (How much does it cost now?) • Average Priority from 1 (showstopper) to 5 (won’t ﬁx): 3.88

12. CONFIDENTIAL. DO NOT DISTRIBUTE. All content (c) Bugcrowd Inc, 2014 - All rights reserved. Engage diverse skill-sets • Vast array of specialties • Web Application, Network, Mobile, Hardware • Testing styles and patterns vary wildly • Have questions? Engage the researchers at the end of the program

13. CONFIDENTIAL. DO NOT DISTRIBUTE. All content (c) Bugcrowd Inc, 2014 - All rights reserved. A reward model that encourages depth and breadth • Top 3 issues get a signiﬁcant percentage of the reward pool • All “unplaced” submissions get the remainder • Sliding scale varies on the difﬁculty of the application and prior testing results

14. CONFIDENTIAL. DO NOT DISTRIBUTE. All content (c) Bugcrowd Inc, 2014 - All rights reserved. Higher total effort • Up to 80 hours of effort in the ﬁrst 8 hours • At least 160 man-hours per bounty • Activity depends on incentives

15. CONFIDENTIAL. DO NOT DISTRIBUTE. All content (c) Bugcrowd Inc, 2014 - All rights reserved. Summary • Cost effective, quick, high quality results • Capped cost and capped timeline • Great way to prepare for an ongoing bounty program • Flex model incentivizes both breadth and depth

16. Questions?

17. https://bugcrowd.com sales@bugcrowd.com @caseyjohnellis @jcran

4 Reasons to Crowdsource Your Pen Test

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to 4 Reasons to Crowdsource Your Pen Test

Similar to 4 Reasons to Crowdsource Your Pen Test (20)

More from bugcrowd

More from bugcrowd (10)

Recently uploaded

Recently uploaded (20)

4 Reasons to Crowdsource Your Pen Test