AWS CloudTrail vs. Bugcrowd vs. HackerOne

HackerOne

Overview
Product	Rating	Most Used By	Product Summary	Starting Price
AWS CloudTrail	Score 8.8 out of 10	N/A	AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of an AWS account. With CloudTrail, users can log, continuously monitor, and retain account activity related to actions across AWS infrastructure. CloudTrail provides event history of AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking,…	N/A
Bugcrowd	Score 9.4 out of 10	Mid-Size Companies (51-1,000 employees)	Bugcrowd connects companies' security and dev teams to vetted and talented security researchers worldwide to run crowd-powered private and public bug bounty programs.	N/A
HackerOne	Score 9.0 out of 10	N/A	HackerOne is a hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be exploited, from the company of the same name in San Francisco. The service is used for vulnerability location, pen testing, bug bounty, and vulnerability triage services.	N/A

Pricing

AWS CloudTrail

Bugcrowd

HackerOne

Editions & Modules

No answers on this topic

Offerings

Pricing Offerings
AWS CloudTrail	Bugcrowd	HackerOne
Free Trial
Yes	No	No
Free/Freemium Version
Yes	No	No
Premium Consulting/Integration Services
Yes	Yes	No

Entry-level Setup Fee

No setup fee

Additional Details

You can view, filter, and download the most recent 90 days of your account activity for all management events in supported AWS services free of charge. You can set up a trail that delivers a single copy of management events in each region free of charge. Once a CloudTrail trail is set up, Amazon S3 charges apply based on your usage. You will be charged for any data events or additional copies of management events recorded in that region. In addition, you can choose CloudTrail Insights by enabling Insights events in your trails. CloudTrail Insights analyzes write management events, and you are charged based on the number of events that are analyzed in that region.

—

For more information please email www.hackerone.com/contact or find us on the AWS Marketplace: https://aws.amazon.com/marketplace/seller-profile?id=10857e7c-011b-476d-b938-b587deba31cf

More Pricing Information

Community Pulse
	AWS CloudTrail	Bugcrowd	HackerOne
Considered Multiple Products	AWS CloudTrail No answer on this topic	Bugcrowd Chase Palmer, CISSP Security Engineer II Chose Bugcrowd Budget was ultimately the reason we went with Bugcrowd initially. Bugcrowd allowed for us to come up with our own bounty scale to fit out budget. Most other companies had a fixed scale, or the scale was not as flexible as we wanted it. Traditional penetration testing … Incentivized Helpful?	HackerOne Verified User Engineer Chose HackerOne These were very close and we liked HackerOne better. For a time we did have both and we felt the need to consolidate the information into one platform and end of life our internal offering. Overall we've been fairly happy with HackerOne. Incentivized Helpful?

Best Alternatives
	AWS CloudTrail	Bugcrowd	HackerOne
Small Businesses	Armor Score 6.0 out of 10	No answers on this topic	No answers on this topic
Medium-sized Companies	Druva Security Cloud Score 9.4 out of 10	No answers on this topic	No answers on this topic
Enterprises	Druva Security Cloud Score 9.4 out of 10	No answers on this topic	No answers on this topic
All Alternatives	View all alternatives	View all alternatives	View all alternatives

User Ratings
	AWS CloudTrail	Bugcrowd	HackerOne
Likelihood to Recommend	8.0 (4 ratings)	8.0 (1 ratings)	7.0 (2 ratings)

User Testimonials
	AWS CloudTrail	Bugcrowd	HackerOne
Likelihood to Recommend	Amazon AWS It is necessary to enable [AWS] Cloudtrail when using AWS in a production environment, otherwise you will not have any idea what is happening within your accounts. Third party monitoring applications will all require [AWS] CloudTrail to be enabled as well. I would not recommend it solely as a monitoring tool, to get the most out of it you must send the logs elsewhere. Either to Cloudwatch logs or a third party product. Incentivized Verified User Anonymous Read full review	Bugcrowd Bugcrowd is great for bug bounty programs and as a cheaper alternative to a full-blown penetration test. Small to medium-sized companies who are serious about security, but don't have the budget for a $40,000 penetration test, this is a great solution. Bugcrowd isn't going to be able to do much of the white-box penetration testing (code reviews), as they are more suited for grey-box and black-box. A program like this will need at least one dedicated person to work with the moderator, verify findings, and decide on the severity of the finding. Incentivized Chase Palmer, CISSP Security Engineer II Read full review	HackerOne It is one of the good platforms for security researchers to submit bugs and other vulnerabilities, it however, has some challenges, in terms of un-verified and duplicate submissions. Incentivized Jugpreet Talwar Technical Intern Read full review
Pros	Amazon AWS API Log User activity tracking Real-time alerts Incentivized AS Anton Smyslov Product Owner Read full review	Bugcrowd Having a pool of security researchers helps keep the penetration tests broad, getting the most bang for your buck. The integration with Slack makes it easy to keep tabs on the program and when new findings are submitted. The interface is pretty simple to use and fairly intuitive. Incentivized Chase Palmer, CISSP Security Engineer II Read full review	HackerOne Filter for spammy bug reports Nice central interface Payment/reward system is nice Incentivized Verified User Anonymous Read full review
Cons	Amazon AWS [In my experience] Cost can easily get out of control with multiple trails on full logging Logs can be difficult to decipher Incentivized Verified User Anonymous Read full review	Bugcrowd The success of your program highly depends on the moderator that is assigned to your project. A good moderator will continue to find researchers until the quota is full. Less than stellar moderators will send out one invite and sees what sticks. Not all researchers are as professional as one might hope. This can ruin the experience. Incentivized Chase Palmer, CISSP Security Engineer II Read full review	HackerOne A lot of duplicate bugs get reported, although it does offer automatic suggestion of previously reported bugs that may be duplicates, it is far from perfect. Anyone can report bugs, a lot of them are not verified before submission. This sometimes leads to a lot of time spent in verifying if the bug is really actionable. Each submission has to be treated with equal potential, a lot of time, some time gets invested in vulnerabilities that aren't as important as some others. Incentivized Jugpreet Talwar Technical Intern Read full review
Alternatives Considered	Amazon AWS I think in the end, CloudTrail has more features and you can dive deeper inside the logs so it depends on your usage and what you expect in the end to make the right choice, I would say that both tools are really useful and bring a lot of benefits to I.T. companies. Incentivized Verified User Anonymous Read full review	Bugcrowd Budget was ultimately the reason we went with Bugcrowd initially. Bugcrowd allowed for us to come up with our own bounty scale to fit out budget. Most other companies had a fixed scale, or the scale was not as flexible as we wanted it. Traditional penetration testing companies were very expensive. Incentivized Chase Palmer, CISSP Security Engineer II Read full review	HackerOne These were very close and we liked HackerOne better. For a time we did have both and we felt the need to consolidate the information into one platform and end of life our internal offering. Overall we've been fairly happy with HackerOne. Incentivized Verified User Anonymous Read full review
Return on Investment	Amazon AWS Allows us to investigate any strange api actions Increases security Audit trail of changes made in AWS Incentivized Verified User Anonymous Read full review	Bugcrowd We have received some great results for a great price. We've also received some poor results at the same price. Bugcrowd is not always recognized as a "real" penetration test, but for the most part, we have not had any problems with customer accepting our reports. Overall, Bugcrowd has been an overall good experience, but we have had a poor moderator from time-to-time that has resulted in less than ideal results. Incentivized Chase Palmer, CISSP Security Engineer II Read full review	HackerOne Bugs that can't be tracked internally are submitted by external researchers, which is an important factor for security vulnerabilities. Even if the bugs reported are duplicates, there still is provision to award reputation points, that keep the researchers engaged. It also requires a lot of verification and validation, as a lot of the submissions are unverified to begin with. Incentivized Jugpreet Talwar Technical Intern Read full review
ScreenShots	AWS CloudTrail Screenshots	Bugcrowd Screenshots