CrowdCurity CrowdCurity

How it works

Getting Started

Simply create a vulnerabilty reward program (or we'll do it for you) and get skilled testers to give you feedback on the security of your web application. If you have not tried a reward program before, CrowdCurity even offers to do a soft launch, only inviting 1-3 top testers, before you go full crowd.

Crowdcurity softlaunch Soft Launch

  • Program is limited to 1-3 of the best testers
  • You select the reward sizes

For businesses running a security test or a reward program for the first time. We support you closely.

Crowdcurity crowdlaunch Crowd Launch

  • Full crowd program
  • You select the reward sizes

For businesses who have previously done detailed security testing or tried a reward program.

You launch the reward program

You launch a reward program by filling out an intuitive form.

  • You select the application(s) you want to have tested
  • You select the reward sizes for valid vulnerabilities
  • You review our best practice program rules and add extra rules if neccesary
Launch a reward program
Testers report security issues

Testers report vulnerabilities

The program is marketed to a skilled pool of security testers.

  • Tester submits found vulnerabilities through a structured form with all the details needed for you to evaluate it
  • You will be informed about each submission by mail and you will be able to view the submissions in your dashboard

You reward valid vulnerabilities

You decide which vulnerability reports are eligible rewards.

  • You send your evaluation and the reward size back to the tester via our vulnerability management tool
  • If you decide to give a reward, we will wire the payment to the tester and will invoice you the reward fee and the related service fee of 20%
Business reward fix

A reward program is launched

Businesses create reward programs inviting for a test.

  • You find the application(s) in scope to be tested
  • You find the reward sizes for valid vulnerabilities
  • You carefully read the rules for engaging in a test
Launch a security test
Testers report security issues

You submit vulnerabilities

You compete against other skilled testers on submitting quality vulnerabilities.

  • If you find a vulnerability, you submit it through a structured form, making sure all details are captured
  • The better quality report you provide, the higher are your chances of receiving a reward

You receive feedback and rewards

It is the business who decides which vulnerability reports are eligible rewards

  • The business send their evaluation and reward size back to you via our vulnerability management tool
  • If you receive a reward, you will receive the payment from us a couple of weeks later
Business reward fix

Protection is a challenge

Protecting yourself against malicious intruders is a big challenge.

  • The biggest threats to your web application can be found at OWASP Top 10 List
  • In order to protect yourself, you need to be able to think like the intruders
Security protection challenge
CrowdCurity budget process

The creativity of the crowd

No automatic scanner or security consultant beats the crowd.

  • By hiring a crowd of testers you get your applications tested from many angles
  • The testers are from all over the world and use different tools

A controlled test

We have a number of methods for controlling a test

  • You can do a soft launch with 1-3 of the best testers before you go full crowd
  • The testers accept terms on what they can and cannot do
Crowdcurity is safe