Case Study: Catawiki achieves 3x more vulnerability discoveries and stronger platform and API security with Bugcrowd

A Bugcrowd Case Study

Preview of the Catawiki Case Study

Catawiki maximizes security ROI with Bugcrowd Pen Test and Bug Bounty

Catawiki, Europe’s leading marketplace for special objects with 10 million monthly visitors, needed stronger assurance for its web platform and internal API to protect auctions and user trust. Previous pen tests and bug bounties delivered few meaningful findings, poor communication, and no pen test vulnerabilities in 2022, forcing frequent provider changes and extra onboarding workload for the security team.

Catawiki moved to Bugcrowd’s unified pen testing and bug bounty platform, gaining better communications, a larger pool of skilled testers, and one place to manage results. Bugcrowd’s pen test identified four P2 issues (including API flaws) that informed Catawiki’s security roadmap, and the managed bug bounty revealed novel vulnerabilities at 3× the industry rate in the first two months, enabling prioritized fixes and ongoing protection.



Catawiki

Aristide Bouix

Cybersecurity Architect


Bugcrowd
