John is the business owner of “The World of Notebook”, one of the leading online stores providing laptops to end-users. Unfortunately, the website was hacked and the business was badly affected.
However, his in-house web developers do not have the expertise to conduct a web security assessment and fix the vulnerabilities.
John appointed Condition Zebra, which came highly recommended by a trusted source. He now has two options for choosing the researchers involved in his campaign. He can make his campaign available to the entire Crowd Researcher community of Condition Zebra, or handpick his preferred security team from the Crowd Researcher list.
John decided to make his campaign open, as he would welcome any researchers who are keen to join and contribute to his campaign.
The mechanics for his campaign were then set up. Below is the summary:
Date: April 1 to April 30
Rules and regulations:
- Researchers are allowed to test the website from 12.00am-6.00pm on a daily basis.
- Researchers are not allowed to take down the site at any time.
- Researchers are not allowed to test the internal network of “The World of Notebook”.
After confirming the mechanics for his campaign, Condition Zebra provides John with login details for the Crowd Testing Portal. With these, John can log in and check the latest status of the campaign along with the reported vulnerabilities.
At the same time, Condition Zebra will make the announcement and notify the Crowd Researchers about John’s campaign. Each researcher who is keen to participate in John’s campaign will need to agree to the terms and conditions. Violators will be suspended and prosecuted.
On April 1 at 12.00am, John’s campaign is activated and the researchers will apply their penetration testing techniques to John’s website. The researchers will submit the vulnerabilities they find to the Crowd Researcher Portal throughout the campaign; meanwhile, the Crowd Testing “Vulnerabilities Investigation Centre” will verify and analyze the submitted vulnerabilities.
The Crowd Testing “Vulnerabilities Investigation Centre” will then add the tested and verified vulnerabilities to John’s account.
This process ensures that John has the most up-to-date status and vulnerability details whenever he logs in to his account. Each reported vulnerability comes with a comprehensive analysis, such as the URL, threat category and proof of concept.
With the report provided by Condition Zebra, John has the option to get his in-house team to fix the vulnerabilities. However, his in-house team does not have the expertise and knowledge in this area.
In order to have the best result out of this campaign, John has opted for Condition Zebra to fix the vulnerabilities of his website. After all, Crowd Testing “Vulnerabilities Investigation Centre” has analyzed and tested the vulnerabilities.
After the campaign, John’s business is back to normal, and he has made it a practice to conduct a penetration test on his website once every 6 months to ensure the security of his website and the safety of his online customers.