Movember

Movember Security Testing Background

We were previously running our security testing through another organization for a few years. They provided us with the same sort of vulnerability results year after year. The opportunity came up in Feb 2013 to work with Bugcrowd, and we took it. It was a new opportunity to try something different. We felt it would find deeper vulnerabilities with Bugcrowd’s researchers at our disposal.

Overall, we are much happier with Bugcrowd and haven’t looked back.

Does the risk of a researcher exposing a vulnerability concern you?

No at all, because the environment has been locked down. The environment was segregated from the live site, which we chose to do. Nothing that was active and live that would have been affected by any of the testing or evaluation.

What are your thoughts of the Bugcrowd researcher community?

All researcher interactions were done through Bugcrowd. They facilitated all researcher communication since we wanted to focus strictly on fixing bugs. There was a situation when a researcher disclosed a scripting bug in our system that we needed to attend to. Bugcrowd promptly escalated the vuln to us, which we then fixed.

Would you recommend Bugcrowd to another company?

Yeah, I would! We haven’t had any issues and everything has been seamless. Working with the Bugcrowd team has just been simple and hassle-free. The whole process to test and undertake was very simple. Bugcrowd guided us with what we needed to enable for the interaction to occur and run through the entire testing scenario.

About Stephen Collett

As Solutions Architect at Movember, Stephen is the security lead and internal security assessor. He ensures over 1.2 million users are able to access the online solutions to register and donate, as well as ensuring that the online solutions are capable of processing over $120 million of donations with a month.