In this article you will find:

  1. Background

  2. How to connect

  3. How the Bugcrowd assets are mapping in Vulcan

  4. How the Bugcrowd Vulnerabilities are mapping in Vulcan

1. Background

Bugcrowd is a vulnerability coordination and bug bounty platform that connects businesses with penetration testers and cybersecurity researchers.

With Bugcrowd integration, users can manage remediation of vulnerabilities detected by bug bounty program in Vulcan unified risk view.

2. How to connect

First, go to the connector page and choose "Add connector", then choose "Bugcrowd" connector to add:

After choosing to add the Bugcrowd connector, you will have to fill the following fields: API Username, API Password.

To fill those fields, to the Bugcrowd UI and choose the following: go to the user console at the top right and choose "API Credentials"

In the API Credentials, create new user credentials or use an existing one, to generate the needed fields for the Vulcan connector as following:

Now that you generate the Username and Password, fill the Vulcan side to create the connector:

Test the connection to make sure the credentials are right and hit save.

3. How to view data from Bugcrowd in Vulcan

You can view the data from Bugcrowd from 2 angles;

  • Assets (Websites)

  • Vulnerabilities

Assets (Websites)

Go to Assets and navigate to the Websites tab. There you can find all the Applications and sites that came from either bug bounties, penetration testing, or DAST tools.

To view data from Bugcrowd CSV use the Search bar and filter by either Source: Bugcrowd CSV or by connector name.

In this view, you can see all the targets as in the submission file, in addition to the number of pages scanned and the total number of vulnerabilities found on this target.

Clicking on each Site will open the Asset Card, where you can find more details about the vulnerabilities and the asset itself.

Vulnerabilities

Go to Vulnerabilities and select on the top bar the status of the vulnerabilities you want to view (Vulnerable/Fixed/Ignored/All)

Use the search bar and filter by either Vulnerability Source: Bugcrowd CSV or by Asset source: Bugcrowd CSV

By clicking on the vulnerabilities, you can open the Vulnerability Card and start performing remediation actions s.a Create Jira ticket/Share via Slack and more.


Did this answer your question?