The first of its kind in Australasia, Capture the Bug provides organisations with an AI-powered Bug Bounty and PtaaS (Pentesting as a Service) platform with intelligent features like Patch Assistance, which allows customers to launch a cost-efficient pentest and patch vulnerabilities at the click of a button.
A community of around 1500 ID-verified security researchers are then notified and can start searching for, and reporting, vulnerabilities that could lead to data breaches. Researchers are rewarded with a bounty – monetary or other – but only if a vulnerability is found.
Founder, Ankita Dhakar, explains their mission is to democratise security testing and make it accessible to everyone, not just large companies.
“There are global companies out there offering similar systems, like HackerOne in the US, but they work for big organisations and have very complex legacy systems that are expensive for businesses and hard to change,” she says.
“Our vision is to support high growth tech startups, that the likes of HackerOne can’t cater to, who will become big players in the future.”
Modernising cybersecurity testing
Ankita explains that traditionally, businesses address cybersecurity by approaching a consultancy, which searches for vulnerabilities and reports back. But because this is a point-in-time analysis, it has limitations.
“Modern SaaS businesses are making developments every few weeks but if you were to make changes to an application past this point, that report means nothing,” she says.
“Plus, the cost with periodic testing is high and resource intensive. You’ve got to go back and forward with the consultancy on the scope, how long it will take to assess, when they can expect a report and so on.”
Ankita believes that’s the reason many businesses only go through the process once or twice a year.
“It’s challenging to stay protected with that approach. But with Capture the Bug, they get continuous testing, real-time insights and a more cost-efficient, scalable, faster and agile pentesting solution,” she says.
A closer look at the platform
According to Ankita, there are three aspects to the platform.
The first, she says, is the vulnerability disclosure and bug bounty programmes, which any organisation can launch through the Capture the Bug platform.
“For example, every government agency in New Zealand is required by law to have a vulnerability disclosure programme in place. And they do, without the reward aspect. The problem is security researchers don’t know about them.
“With our platform, government agencies and businesses can leverage the community and technology we already have, so they don’t have to do the hard work of setting up the disclosure programme. And they’ll only receive high quality vulnerability reports in their inbox.
“Plus, you’re not just hiring one person, you’re getting a global community of security researchers along with their various skills and knowledge, who all have different methodologies to finding vulnerabilities.
“These agencies also don’t know how to communicate with researchers and don’t have ways to ID verify them so anyone on the internet can report a bug whereas on our platform, only registered users can report vulnerabilities.”
The second aspect to the service is the pentesting platform for businesses who need controlled security assessments on specific assets, explains Ankita.
“These companies may be using a third-party vendor to comply with security compliances like ISO 27001, SOC 2.
“They might be spending anywhere between 15 and 30 thousand on a one-time pentest. With us, they can spend the same amount but get more regular testing and more value.
“For example, an organisation can launch three full pentests for 20k + GST plus they can launch a Vulnerability Disclosure Programme and get assistance to patch the identified vulnerability – all included in the cost.”
The third aspect is the integration of AI into the platform which provides support to fix vulnerabilities once identified, says Ankita.
“If you’re a business that has received a vulnerability report from a security vendor, you still need to fix those vulnerabilities.
“There’s a huge skill gap here. A lot of developers don’t come from security backgrounds, so they have to spend a lot of time researching and understanding the vulnerability in order to fix it, and to ensure it doesn’t happen again. And they have to do it alone – security consultancies don’t provide that assistance.
“But with our platform, through the power of AI, they’re shown details about what the vulnerability is and how to fix it. That saves a lot of time for a company.”
Customer, Daniel Peake from McGregor’s Farm Services, agrees.
“We’ve spent five years building our reputation. We don’t want to be the next cyber victim in the paper. The CTB platform means lighting it up for our firm with self-service that saves us a bunch of time and money while ensuring our systems and data are secure,” he says.
The road ahead
With the global penetration testing market poised to reach a valuation of USD 5.28 billion in 2028 from USD 1.87 billion in 2021, registering a CAGR (Compound Annual Growth Rate) of 15.97% over the forecast duration, Ankita has big plans.
“We’re not just targeting companies, but government agencies as well. We want to be the go-to solution for vulnerability management in New Zealand and Australia and eventually further afield,” she says.
Growing their community of security researchers to 5000+ and raising more funds to support the growth of the business is also top of mind for Ankita.
“I’m really excited about the future of Capture the Bug – for what it offers organisations but also the opportunities it provides security researchers with too.”
Reflecting on her entrepreneurial journey and the resources available to her going forward, Ankita’s positive she has what she needs to succeed.
“Waikato has everything a startup needs – access to good talent, the university, the best educators. And there’s a vibrant, growing and connected startup community here.
“I’ve been lucky to have some very supportive tech mentors here in Hamilton including Bob Stokes from CTEK and Sarah Webb, based in Tauranga, from LawVu and Ministry of Awesome.
“They’ve really gone above and beyond to help me and give me support and advice along the way which has made a huge difference to the success of my business and my enjoyment of the journey.”