Cloudflare Zero Trust

• Configuring Cloudflare Integration
  • Managing Targets
  • Managing Researchers
  • Managing Logs

Bugcrowd Cloudflare Zero Trust (CF ZT) integration, provides:

• Researchers with secure access to customer environments.
• Customers with more visibility, and control on researcher activity against their targets.

More specifically, customers can:

• Start or stop researcher traffic as needed.
• Activate or deactivate targets, add or remove targets to the list.
• View researcher specific activity logs.
• See a list of URIs that researchers are using to access the targets.

The integration provides customers with more granular researcher level controls i.e. the ability to identify and track a researcher, and pause their activity.

Note: The current phase of the Cloudflare integration, researcher activity can be tracked for the public facing assets and targets. This solution will be extended in a future phase to support managing and tracking researcher activities across internal networks.

Researchers download and login to Cloudflare Zero Trust WARP client to access the test targets. Instructions to researchers on how to download and login to the WARP client are provided in the engagement brief.

Configuring Cloudflare Integration

The Cloudflare integration is set up in the program’s settings and is specified for a specific security program and the engagements present. There are no limitations to the number of programs that can be set up with the Cloudflare integration.

To configure the Cloudflare integration, follow these steps:

1. Navigate to your program Settings and select the Integrations tab.

   

2. Click on Configure to manage the cloudflare integration.

   

Note: If it is the first time setting up the Cloudflare integration for this program, the button will show Add Integration instead of Configure. .

In the Cloudflare integration, there are three tabs Targets, Researchers, and Logs.

Managing Targets

The Targets tab shows the list of targets under consideration for the testing in the security program. Targets can be added or removed, activated or deactivated for researchers. If a target is deactivated, then the target will not be reachable for the researcher through the Cloudflare Zero trust client. No log will be captured for this target, until it is activated.

To manage the targets, follow these steps:

1. Click on Add targets.

   

2. Select targets from the list in the Targets drawer.

   

   Once a target is added, a Target added successfully message is displayed.

   

3. All added targets are listed in the Targets column. Click on the three dots adjacent to View in the Actions column.

   

4. Target can be deactivated by clicking on the Deactivate menu item or toggling the button in front of the target.

   

5. The target details can be viewed by clicking View target details.

   

6. It shows all the engagements that this target is used.

   

7. If there are large number of targets present, then the search filter can be used to identify the specific targets.

8. Additional targets can also be added to this list by clicking the Add targets.

   

9. Targets can be removed from this list by clicking on the Deactivate and Remove from list in the menu.

   A confirmation message appears. Click Remove to confirm.

   

Managing Researchers

1. To view the current set of researchers, click on the Researchers tab.

   

   Researchers are added to the engagements when it is set up by the Bugcrowd Staff. Researchers can be added or removed only by the Bugcrowd team.

2. After the researchers are added, they are listed in the Researchers tab.

   

3. Click on the three dots next to the researcher to view the menu.

   

4. Click the Deactivate option in the menu to deactivate the researcher from doing further tests on the targets . A researcher can be activated again by clicking on Activate.

   

   

5. Click on View researcher details to view the list of engagements that the researcher belong to which has the targets in the scope.

   

Managing Logs

The Logs tab show a list of all the logs available. You can import additional log file by selecting the date. All the activities on the activated targets for that day will be imported. The imported log file will show in the list and you can download the log file. Activities up to 30 days can be imported in the log file.

1. To import logs, click on the Import logs tab.

   

2. Select the date and click Import.

   

   Once the log is imported, a Import request successful message is displayed.

   

3. Click on the Download icon to download the log file.

   

   The downloaded log file contains the following log details:

   Field in the Log file	Details
   Datetime	Date and Time of the HTTP request made
   URL	Full URL for the HTTP request
   Email	Email ID of the user who made the HTTP request, through the WARP client
   HTTP Host	Hostname present in the HTTP header for the HTTP request
   Action	Action taken based on the first rule that matched (for example Allow or Block)
   HTTP Version	HTTP version of the origin connected to on behalf of the user
   HTTP Method	HTTP method used for the request (for example, GET or POST)
   HTTP Status Code	HTTP status code returned in the response
   Destination IP	Public IP address of the destination requested
   Destination Port	Port of the destination requested
   User Agent	User agent header sent in the request by the originating device.
   Untrusted Certificate Action	What action should be taken if an untrusted origin certificate error occurs (for example, invalid certificate chain, signed by non-public CA, expired certificate, etc.) none, error, block or pass-through
   Session ID	The session identifier
   Referrer	Referrer request header containing the address of the page making the request

---