In this article you will find:

  • How does it work?
  • Pre-requisites
  • Creating Bugcrowd CSV connector
  • How to view data from Bugcrowd in Vulcan

1. How does it work?

The Vulcan Bugcrowd CSV connector is very simple to use.

Each Submission in Bugcrowd is a valid file to be uploaded to Vulcan.

Once the CSV is uploaded, Vulcan maps all the headers from the CSV into Vulcan fields, using a mapping defined in advance. For example:

Each target_name in the Bugcrowd CSV is mapped to Vulcan's Site Name.

Each vrt_lineage in the Bugcrowd CSV is mapped to Vulcan's Vulnerability Name.

And so on.

The order of the headers does not matter when you download a Submission from Bugcrowd. Note, however, that once you have uploaded a Bugcrowd CSV and want to upload an updated version of that CSV, you need to verify that it has the same headers as the previous CSV. For example:

If the first Bugcrowd CSV contained only the headers target_name, vrt_lineage and cvss_score, then the next Bugcrowd CSV you upload to update the first one must contain exactly the same headers (not necessarily in the same order).

2. Pre-requisites

  • File must be in CSV format
  • File should not exceed 200MB
  • The uploaded CSV should be from the Submissions in Bugcrowd.
  • The following fields are mandatory: target_name (to determine the Site name), vrt_lineage (to determine the Vulnerability name) and bug_url (to determine the location of the vulnerability)
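
A pre-upload check for the rules in sections 1 and 2 (size limit, mandatory fields, and the same header set as the previous upload in any order), as an added example that is not part of Vulcan's or Bugcrowd's tooling. It assumes 200MB means 200 × 1024 × 1024 bytes and that header names are compared case-sensitively; the function names and sample rows are constructed for illustration.

```python
import csv
import io

MAX_BYTES = 200 * 1024 * 1024  # assumption: "200MB" read as 200 MiB
MANDATORY = {"target_name", "vrt_lineage", "bug_url"}  # from the pre-requisites


def read_headers(data: bytes) -> list:
    """Return the header row of a CSV export, tolerating a UTF-8 BOM."""
    text = data.decode("utf-8-sig")
    reader = csv.reader(io.StringIO(text, newline=""))
    return [h.strip() for h in next(reader, [])]


def check_upload(data: bytes, previous_headers=None) -> list:
    """Return a list of problems; an empty list means the file passes."""
    problems = []
    if len(data) > MAX_BYTES:
        problems.append("file exceeds 200MB")
    try:
        headers = read_headers(data)
    except (UnicodeDecodeError, csv.Error) as exc:
        return problems + [f"not parseable as CSV: {exc}"]
    missing = sorted(MANDATORY - set(headers))
    if missing:
        problems.append(f"missing mandatory headers: {missing}")
    # An updated file must carry the same header set; order is irrelevant.
    if previous_headers is not None:
        added = sorted(set(headers) - set(previous_headers))
        removed = sorted(set(previous_headers) - set(headers))
        if added or removed:
            problems.append(f"header set changed: added={added} removed={removed}")
    return problems


# Constructed sample data, not real Bugcrowd output.
FIRST = b"target_name,vrt_lineage,bug_url,cvss_score\nshop,XSS,https://example.test/a,6.1\n"
REORDERED = b"bug_url,cvss_score,target_name,vrt_lineage\nhttps://example.test/a,6.1,shop,XSS\n"
DROPPED = b"target_name,vrt_lineage,cvss_score\nshop,XSS,6.1\n"

if __name__ == "__main__":
    prev = read_headers(FIRST)
    for name, blob in [("reordered", REORDERED), ("dropped", DROPPED)]:
        print(name, check_upload(blob, prev) or "OK")
```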

3. Creating Bugcrowd CSV

On the Connectors page, click on Add a Connector.

Click on the Bugcrowd CSV connector.

After reviewing sections 1 and 2, simply upload the Bugcrowd CSV and click on Create.

The process can take a few minutes, depending on the file size.

You can follow the progress on the connector's Log tab.

Once the connector is in the Connected state, it is ready to be used.

4. How to view data from Bugcrowd in Vulcan

You can view the data from Bugcrowd from two angles:

  • Assets (Websites)
  • Vulnerabilities

Assets (Websites)

Go to Assets and navigate to the Websites tab. There you can find all the applications and sites that came from bug bounties, penetration testing or DAST tools.

To view data from the Bugcrowd CSV, use the Search bar and filter by either Source: Bugcrowd CSV or by connector name.

In this view you can see all the targets from the submission file, along with the number of pages scanned and the total number of vulnerabilities found on each target.

Clicking on each Site will open the Asset Card, where you can find more details about the vulnerabilities and the asset itself.

Vulnerabilities

Go to Vulnerabilities and, on the top bar, select the status of the vulnerabilities you want to view (Vulnerable/Fixed/Ignored/All).

Use the Search bar and filter by either Vulnerability Source: Bugcrowd CSV or by Asset source: Bugcrowd CSV.

By clicking on a vulnerability, you can open the Vulnerability Card and start performing remediation actions such as Create Jira ticket, Share via Slack and more.
