Pen Test Methodology Checklist and Uploading Logs

For any methodology-based engagement (such as Classic Pen Test), you can follow the step-by-step methodology checklist for reporting submissions. Each checklist item has a description that explains what you must do in that step. You must also upload your Burp log file (or project file) in bulk at the end of the flow. The log should include the traffic pertaining to the in-scope targets of this engagement. Submit your Burp log as an attachment with a single submission to the program.

To submit a report for a Pen Test program:

  1. After logging into Bugcrowd, click the Dashboard tab.

  2. On the Tasks tab, click the task for pen test. The program associated with the task is displayed and lists the workflow steps that must be updated.

  3. Each step in the Pen Test displays a checklist along with the description. You can select Completed or N/A. If you select N/A, provide the reason why this check was not applicable in the Notes section.

    You can submit a vulnerability report for each step. The report is linked to the step, or you can link the step to a previously submitted report.

    The steps in the checklist are specific to a program.

    At any point, you can click Save draft to save the form.

  4. In the Notes section, add information about what was tested and observed.

  5. In the Upload log files and attachments section, attach the Burp log file and any other relevant attachments. You can attach multiple files (up to 20). Each individual upload must be under 400 MB.

  6. Click Next to move to the next step in the testing process.

  7. After completing all the testing steps, you can upload a log file that includes all associated traffic for the in-scope targets of this Pen Test.

  8. Click Next and add the executive summary. The executive summary should be written with a high-level view of both risk and business impact. It should be concise and clear so that non-technical readers can gain insight into security concerns outlined in your report.

  9. Confirm your submission adheres to the program brief and Bugcrowd’s terms & conditions.

  10. Click Submit summary.

Note: As you work through each step in the methodology, the progress bar updates. It updates when you select Completed or N/A, even if you leave the Notes section blank. The progress bar shows the completion of steps in blue when the progress is below 33%, in orange when the progress is between 33% and 66%, and in green when the progress is more than 66%.
