Scenario study: Crowd Testing

John is the business owner of “The World of Notebook”, one of the leading online stores providing laptops to end users. Unfortunately, the website was hacked and the business was badly affected.

However, his in-house web developers do not have the expertise to conduct a web security assessment and fix the vulnerabilities.

John appointed Condition Zebra, which is highly recommended by some trusted source. He now has two options for which researchers take part in his campaign: he can make the campaign available to all of Condition Zebra's Crowd Researchers, or handpick his preferred security team from the Crowd Researcher list.

John decided to make his campaign open, as he would welcome any researchers who are keen to join and contribute to his campaign.

John set up the mechanics for his campaign. They are summarized below:

Date: April 1 to April 30

Rules and regulations:

  1. Researchers are allowed to test the website from 12.00am-6.00pm on a daily basis.
  2. Researchers are not allowed to take down the site at any time.
  3. Researchers are not allowed to test the internal network of “The World of Notebook”.

After the mechanics of the campaign are confirmed, Condition Zebra provides John with login details for the Crowd Testing Portal. With these, John can log in and check the latest status of the campaign along with the reported vulnerabilities.

At the same time, Condition Zebra will make the announcement and notify the Crowd Researchers about John’s campaign. Each researcher who is keen to participate in John’s campaign will need to agree to the terms and conditions. Violators will be suspended and prosecuted.

On April 1 at 12.00am, John’s campaign is activated and the researchers apply their penetration testing techniques to John’s website. The researchers submit the vulnerabilities they find to the Crowd Researcher Portal throughout the campaign, while the Crowd Testing “Vulnerabilities Investigation Centre” verifies and analyzes the submitted vulnerabilities.

The Crowd Testing “Vulnerabilities Investigation Centre” will add the tested and verified vulnerabilities to John’s account.

This process ensures that John has the most up-to-date status and vulnerability details whenever he logs in to his account. Each reported vulnerability comes with a comprehensive analysis, including the URL, threat categories and proof of concept.

With the report provided by Condition Zebra, John has the option to get his in-house team to fix the vulnerabilities. However, his in-house team does not have the expertise and knowledge in this area.

To get the best result out of this campaign, John has opted for Condition Zebra to fix the vulnerabilities of his website. After all, the Crowd Testing “Vulnerabilities Investigation Centre” has analyzed and tested the vulnerabilities.

After the campaign, John’s business is back to normal, and he has made it a practice to conduct penetration testing on his website once every 6 months to ensure the security of his website and the safety of his online customers.
