- Lightweight vs Heavyweight
- A Lightweight Approach
- List the worst-case scenarios for the company
- List the systems that are in-scope/out-of-scope
- List the ways in which threat actors could trigger those scenarios
- List the possible preventions or mitigations
- Follow Up with Tickets
- Frequency
- Other Threat Modeling Methodologies and Techniques
- STRIDE
- Kill chain
- OWASP Resources
- Microsoft Threat Modeling Tool
- What is a Bug Bounty Program?
- The Most Common Mistake
- What are the benefits of a Bug Bounty Program?
- What makes a Bug Bounty Program successful?
- Competitor Comparison
- Comparison of Bug Bounty Service Providers
- Program Types
- Feature Comparison
- Financial Analysis
- Price Comparison
- Theoretical Annual Spend Model
- $15K Bounty Limit Per Year
- $30K Bounty Limit Per Year
- $45K Bounty Limit Per Year
- Program Scope
- Workflow Best Practices
- Additional Advice
Security from Zero
Chapter 14: Threat Modeling Exercises
Chapter 15: Effective Bug Bounty Programs
This page is a preview of Security from Zero