Bugcrowd is a vulnerability coordination and bug bounty platform that connects businesses with penetration testers and cybersecurity researchers.
With Bugcrowd integration, users can manage remediation of vulnerabilities detected by bug bounty program in Vulcan unified risk view.
How to connect
First, go to the connector page and choose "Add connector", then choose "Bugcrowd" connector to add:
After choosing to add the Bugcrowd connector, you will have to fill the following fields: API Username, API Password.
To fill those fields, to the Bugcrowd UI and choose the following: go to the user console at the top right and choose "API Credentials"
In the API Credentials, create new user credentials or use an existing one, to generate the needed fields for the Vulcan connector as following:
Now that you generate the Username and Password, fill the Vulcan side to create the connector:
Test the connection to make sure the credentials are right and hit save.
3. How to view data from Bugcrowd in Vulcan
You can view the data from Bugcrowd from 2 angles;
Go to Assets and navigate to the Websites tab. There you can find all the Applications and sites that came from either bug bounties, penetration testing, or DAST tools.
To view data from Bugcrowd CSV use the Search bar and filter by either
Source: Bugcrowd CSV or by connector name.
In this view, you can see all the targets as in the submission file, in addition to the number of pages scanned and the total number of vulnerabilities found on this target.
Clicking on each Site will open the Asset Card, where you can find more details about the vulnerabilities and the asset itself.
Go to Vulnerabilities and select on the top bar the status of the vulnerabilities you want to view (Vulnerable/Fixed/Ignored/All)
Use the search bar and filter by either
Vulnerability Source: Bugcrowd CSV or by
Asset source: Bugcrowd CSV
By clicking on the vulnerabilities, you can open the Vulnerability Card and start performing remediation actions s.a Create Jira ticket/Share via Slack and more.